authorJ.C. Jones <jjones@mozilla.com>2020-07-09 18:03:00 +0000
committerJ.C. Jones <jjones@mozilla.com>2020-07-09 18:03:00 +0000
commit75ac3e8bed07fa0b9eb9c4a651a776577f00b6b6 (patch)
treeff2dda30fb7b2af47632ffeea13c90e83281102b
parent181d8146204ee0f972d792e11a88762d777094b3 (diff)
downloadnss-hg-75ac3e8bed07fa0b9eb9c4a651a776577f00b6b6.tar.gz
Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. [0] [0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8a9fbde/lib/softoken/pkcs11i.h#320-321 Differential Revision: https://phabricator.services.mozilla.com/D82955
-rw-r--r--lib/softoken/pkcs11.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c
index 950e764d9..958ae27fd 100644
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -3661,10 +3661,12 @@ NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
PORT_Memcpy(pInfo->model, "NSS 3 ", 16);
PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16);
PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16);
- pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
- pInfo->ulSessionCount = slot->sessionCount;
+ pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
+ PZ_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */
+ pInfo->ulSessionCount = slot->sessionCount;
pInfo->ulRwSessionCount = slot->rwSessionCount;
+ PZ_Unlock(slot->slotLock); /* Unlock before sftk_getKeyDB */
pInfo->firmwareVersion.major = 0;
pInfo->firmwareVersion.minor = 0;
PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label));
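Review bot: The two comments added with the lock in NSC_GetTokenInfo are harder to follow than they need to be: `rwSessioncount` does not match the field name `rwSessionCount`, and "Unlock before sftk_getKeyDB" names a call that sits outside this hunk without saying why the lock must be released first. I would write them as `/* slotLock guards sessionCount and rwSessionCount */` and `/* drop slotLock before the later sftk_getKeyDB call */`, adding the reason (lock ordering, or only keeping the critical section short) if the author can state it. The copy from `slot->tokDescription` on the last line still runs without the lock; that is safe only if the field is not one slotLock protects, which should be checked against the pkcs11i.h comment linked in the description. The function body starts and ends outside the hunk, so any other reads of slot state are not covered by this review.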