Fix for 237934 - nss_InitLock not atomic. r=nelson

4 files changed, 28 insertions, 11 deletions

diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index daed7453d..6db9a7641 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -3333,7 +3333,7 @@ typedef struct {
     PK11SymKey *      symWrapKey[kt_kea_size];
 } ssl3SymWrapKey;
 
-static PZLock *          symWrapKeysLock;
+static PZLock *          symWrapKeysLock = NULL;
 static ssl3SymWrapKey    symWrapKeys[SSL_NUM_WRAP_MECHS];
 
 SECStatus
@@ -3360,6 +3360,13 @@ SSL3_ShutdownServerCache(void)
     return SECSuccess;
 }
 
+void ssl_InitSymWrapKeysLock(void)
+{
+    /* atomically initialize the lock */
+    if (!symWrapKeysLock)
+	nss_InitLock(&symWrapKeysLock, nssILockOther);
+}
+
 /* Try to get wrapping key for mechanism from in-memory array.
  * If that fails, look for one on disk.
  * If that fails, generate a new one, put the new one on disk,
@@ -3397,9 +3404,7 @@ getWrappingKey( sslSocket *       ss,
 
     pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
 
-    /* atomically initialize the lock */
-    if (!symWrapKeysLock)
-	nss_InitLock(&symWrapKeysLock, nssILockOther);
+    ssl_InitSymWrapKeysLock();
 
     PZ_Lock(symWrapKeysLock);
 
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 90a99100e..b17c40672 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -1264,6 +1264,10 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
 /* get rid of the symmetric wrapping key references. */
 extern SECStatus SSL3_ShutdownServerCache(void);
 
+extern void ssl_InitClientSessionCacheLock(void);
+
+extern void ssl_InitSymWrapKeysLock(void);
+
 /********************** misc calls *********************/
 
 extern int ssl_MapLowLevelError(int hiLevelError);
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index ac79c6d66..9ae45de1a 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -51,8 +51,8 @@
 PRUint32 ssl_sid_timeout = 100;
 PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
 
-static sslSessionID *cache;
-static PZLock *      cacheLock;
+static sslSessionID *cache = NULL;
+static PZLock *      cacheLock = NULL;
 
 /* sids can be in one of 4 states:
  *
@@ -65,14 +65,16 @@ static PZLock *      cacheLock;
 #define LOCK_CACHE 	lock_cache()
 #define UNLOCK_CACHE	PZ_Unlock(cacheLock)
 
-static void 
-lock_cache(void)
+void ssl_InitClientSessionCacheLock(void)
 {
-    /* XXX Since the client session cache has no init function, we must
-     * XXX init the cacheLock on the first call.  Fix in NSS 3.0.
-     */
     if (!cacheLock)
 	nss_InitLock(&cacheLock, nssILockCache);
+}
+
+static void 
+lock_cache(void)
+{
+    ssl_InitClientSessionCacheLock();
     PZ_Lock(cacheLock);
 }
 
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index 6604c2896..8d5a853b1 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -1169,6 +1169,8 @@ SSL_ConfigServerSessionIDCache(	int      maxCacheEntries,
 			       	PRUint32 ssl3_timeout, 
 			  const char *   directory)
 {
+    ssl_InitClientSessionCacheLock();
+    ssl_InitSymWrapKeysLock();
     return SSL_ConfigServerSessionIDCacheInstance(&globalCache, 
     		maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
 }
@@ -1276,6 +1278,10 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
 	}
     	return SECSuccess;	/* already done. */
     }
+
+    ssl_InitClientSessionCacheLock();
+    ssl_InitSymWrapKeysLock();
+
     ssl_sid_lookup  = ServerSessionIDLookup;
     ssl_sid_cache   = ServerSessionIDCache;
     ssl_sid_uncache = ServerSessionIDUncache;