diff options
author | rrelyea%redhat.com <devnull@localhost> | 2007-05-30 22:00:14 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2007-05-30 22:00:14 +0000 |
commit | 02b76e728cffef972258d9da7519c558c1daa17b (patch) | |
tree | be738cac20390eba16d3c18d7b0aed399e57795f | |
parent | ee2ddb06d621e2aa3ff4e6f84bdec986a500792e (diff) | |
download | nss-hg-02b76e728cffef972258d9da7519c558c1daa17b.tar.gz |
1) Sharing db handles across threads should not be the default.
2) add back in the sensitive attribute checking
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 27 | ||||
-rw-r--r-- | security/nss/lib/softoken/sdb.c | 1 |
2 files changed, 26 insertions, 2 deletions
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index d2beb5244..f3b5f5f96 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -3614,14 +3614,39 @@ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, if (sftk_isToken(hObject)) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKDBHandle *dbHandle = sftk_getDBForObject(slot, hObject); + SFTKDBHandle *keydb = NULL; + + if (dbHandle == NULL) { + sftk_FreeSession(session); + return CKR_OBJECT_HANDLE_INVALID; + } crv = sftkdb_GetAttributeValue(dbHandle, hObject, pTemplate, ulCount); + /* make sure we don't export any sensitive information */ + keydb = sftk_getKeyDB(slot); + if (dbHandle == keydb) { + for (i=0; i < (int) ulCount; i++) { + if (sftk_isSensitive(pTemplate[i].type,CKO_PRIVATE_KEY)) { + crv = CKR_ATTRIBUTE_SENSITIVE; + if (pTemplate[i].pValue && (pTemplate[i].ulValueLen!= -1)){ + PORT_Memset(pTemplate[i].pValue, 0, + pTemplate[i].ulValueLen); + } + pTemplate[i].ulValueLen = -1; + } + } + } + sftk_FreeSession(session); sftk_freeDB(dbHandle); + if (keydb) { + sftk_freeDB(keydb); + } return crv; } - + + /* handle the session object */ object = sftk_ObjectFromHandle(hObject,session); sftk_FreeSession(session); if (object == NULL) { diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 4a38ea9a8..841292e19 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -64,7 +64,6 @@ #include "prlock.h" -#define SQLITE_THREAD_SHARE_DB 1 #ifdef SQLITE_UNSAFE_THREADS /* * SQLite can be compiled to be thread safe or not. |