author | John M. Schanck <jschanck@mozilla.com> | 2022-06-06 18:11:10 +0000 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2022-06-06 18:11:10 +0000 |
commit | 819e007db5425843aeecd50e547a42b20e1c32fc (patch) | |
tree | f7e683bfd72f1931f83ea77d97a2b512c2bf738e | |
parent | 5030790867519771aeef88e77ceafda89cea5fbc (diff) | |
Bug 1760998 - avoid data race on primary password change. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D146655
-rw-r--r-- | lib/softoken/sftkdb.c | 8 | ||||
-rw-r--r-- | lib/softoken/sftkpwd.c | 6 |
2 files changed, 12 insertions, 2 deletions
diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
index 7c1001be8..407ca1cc1 100644
--- a/lib/softoken/sftkdb.c
+++ b/lib/softoken/sftkdb.c
@@ -339,7 +339,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID,
 if ((keyHandle == NULL) ||
 ((SFTK_GET_SDB(keyHandle)->sdb_flags & SDB_HAS_META) == 0) ||
- (keyHandle->passwordKey.data == NULL)) {
+ (sftkdb_PWCached(keyHandle) != SECSuccess)) {
 checkSig = PR_FALSE;
 }
@@ -1606,10 +1606,14 @@ sftkdb_CloseDB(SFTKDBHandle *handle)
 }
 (*handle->db->sdb_Close)(handle->db);
 }
+ if (handle->passwordLock) {
+ PZ_Lock(handle->passwordLock);
+ }
 if (handle->passwordKey.data) {
 SECITEM_ZfreeItem(&handle->passwordKey, PR_FALSE);
 }
 if (handle->passwordLock) {
+ PZ_Unlock(handle->passwordLock);
 SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock));
 }
 if (handle->updatePasswordKey) {
@@ -2695,10 +2699,12 @@ sftkdb_ResetKeyDB(SFTKDBHandle *handle)
 /* set error */
 return SECFailure;
 }
+ PZ_Lock(handle->passwordLock);
 if (handle->passwordKey.data) {
 SECITEM_ZfreeItem(&handle->passwordKey, PR_FALSE);
 handle->passwordKey.data = NULL;
 }
+ PZ_Unlock(handle->passwordLock);
 return SECSuccess;
 }
diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
index 3bc4e57e1..d88595408 100644
--- a/lib/softoken/sftkpwd.c
+++ b/lib/softoken/sftkpwd.c
@@ -1108,7 +1108,11 @@ done:
 SECStatus
 sftkdb_PWCached(SFTKDBHandle *keydb)
 {
- return keydb->passwordKey.data ? SECSuccess : SECFailure;
+ SECStatus rv;
+ PZ_Lock(keydb->passwordLock);
+ rv = keydb->passwordKey.data ? SECSuccess : SECFailure;
+ PZ_Unlock(keydb->passwordLock);
+ return rv;
 }
 static CK_RV |
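Review bot: The new PZ_Lock/PZ_Unlock pair in sftkdb_CloseDB is taken unconditionally, while the PZ_DestroyLock on the same lock two lines later is wrapped in SKIP_AFTER_FORK. If that wrapper is there because this path can run in a forked child (inferred from the macro name; its definition is not shown), acquiring a lock that another thread held at fork time could block here, so the pair should either be wrapped the same way or carry a comment explaining why it is safe. Separately, the lock is destroyed immediately after it is released, so a thread already waiting on it in sftkdb_PWCached would wake on a lock that is being torn down; a comment such as `/* caller guarantees no other thread uses this handle during close */` would document that precondition. The function body starts and ends outside the hunk.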
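Review bot: `PZ_Lock(handle->passwordLock)` in sftkdb_ResetKeyDB is called without the `if (handle->passwordLock)` guard that sftkdb_CloseDB keeps around every use of the same field in this commit; sftkdb_PWCached in sftkpwd.c has the same unguarded call. If a handle can exist with a NULL passwordLock (the CloseDB guard suggests so, though handle creation is not visible here), both paths would now dereference NULL where the old code only read passwordKey.data. Guard them the same way, e.g. `if (handle->passwordLock) PZ_Lock(handle->passwordLock);` with a matching unlock, or document that the lock is always allocated for handles that reach these functions. The start of sftkdb_ResetKeyDB is outside the hunk.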
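Review bot: sftkdb_PWCached now returns a value that is only guaranteed while passwordLock is held, and nothing in the function tells callers that. The caller changed in sftkdb_fixupTemplateOut uses the result to decide checkSig and then continues without the lock, so the cached key could be cleared or set before the signature check runs; whether the later code re-reads passwordKey under the lock is not visible here. Add a function comment such as `/* Returns a snapshot; the key may be cleared after this returns. Callers that go on to use passwordKey must take passwordLock themselves. */`.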