authornelsonb%netscape.com <devnull@localhost>2003-11-13 03:41:32 +0000
committernelsonb%netscape.com <devnull@localhost>2003-11-13 03:41:32 +0000
commit28654ac9693b0cc70ee73bfd7b1dcc1ea6dd1878 (patch)
tree962feaf72d6ca86141ad1b3779dfe745ee734fae
parentb21c61fcf8ea5b4816e3f0e80f52154a3f66eda0 (diff)
downloadnss-hg-28654ac9693b0cc70ee73bfd7b1dcc1ea6dd1878.tar.gz
Workaround race. Reduce leaks. Not a real fix. Bugzilla bug 225525.
-rw-r--r--security/nss/lib/pki/certificate.c17
-rw-r--r--security/nss/lib/pki/pki3hack.c24
2 files changed, 37 insertions, 4 deletions
diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c
index f074e77dd..532c967a9 100644
--- a/security/nss/lib/pki/certificate.c
+++ b/security/nss/lib/pki/certificate.c
@@ -301,8 +301,23 @@ nssCertificate_GetDecoding (
NSSCertificate *c
)
{
+ /* There is a race in assigning c->decoding.
+ ** This is a workaround. Bugzilla bug 225525.
+ */
if (!c->decoding) {
- c->decoding = nssDecodedCert_Create(NULL, &c->encoding, c->type);
+ nssDecodedCert * deco =
+ nssDecodedCert_Create(NULL, &c->encoding, c->type);
+ /* Once this race is fixed, an assertion should be put
+ ** here to detect any regressions.
+ PORT_Assert(!c->decoding);
+ */
+ if (!c->decoding) {
+ /* we won the race. Use our copy. */
+ c->decoding = deco;
+ } else {
+ /* we lost the race. discard deco. */
+ nssDecodedCert_Destroy(deco);
+ }
}
return c->decoding;
}
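Review bot: `deco` is never checked for NULL, so if `nssDecodedCert_Create` fails while another thread has already set `c->decoding`, the else branch passes NULL to `nssDecodedCert_Destroy`. Whether that function tolerates NULL is not visible in this hunk, so a guard such as `} else if (deco) {` would make the lost-race path safe either way. The inner `if (!c->decoding)` is still an unsynchronized check-then-assign, so two threads can both pass it and one decoding is leaked; the same pattern appears in the `stan_GetCERTCertificate` hunk in pki3hack.c. I would extend the comment to record this, e.g. `/* The re-check only narrows the window; closing it needs a lock or an atomic compare-and-set on c->decoding. */`.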
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index f78ae7e26..6998d84d6 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -88,6 +88,7 @@ STAN_GetDefaultCryptoContext()
}
extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
NSS_IMPLEMENT PRStatus
STAN_LoadDefaultNSS3TrustDomain (
@@ -730,21 +731,38 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
nssDecodedCert *dc = c->decoding;
CERTCertificate *cc;
+ /* There is a race in assigning c->decoding.
+ ** This is a workaround. Bugzilla bug 225525.
+ */
if (!dc) {
dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding);
if (!dc)
return NULL;
cc = (CERTCertificate *)dc->data;
- PORT_Assert(cc);
+ PORT_Assert(cc); /* software error */
if (!cc) {
nssDecodedPKIXCertificate_Destroy(dc);
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
return NULL;
}
- PORT_Assert(!c->decoding); /* Feeble attempt at race detection. */
- c->decoding = dc;
+ /* Once this race is fixed, an assertion should be put
+ ** here to detect any regressions.
+ PORT_Assert(!c->decoding);
+ */
+ if (!c->decoding) {
+ c->decoding = dc;
+ } else {
+ /* Reduce the leaks here, until the race is fixed. */
+ nssDecodedPKIXCertificate_Destroy(dc);
+ dc = c->decoding;
+ }
}
cc = (CERTCertificate *)dc->data;
PORT_Assert(cc);
+ /* When c->decoding is non-NULL on input, but dc->data is
+ * NULL, we don't destroy dc because some other errant
+ * code allocated it .
+ */
if (cc) {
if (!cc->nssCertificate || forceUpdate) {
fill_CERTCertificateFields(c, cc, forceUpdate);
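Review bot: `nss_SetError(NSS_ERROR_INTERNAL_ERROR)` is reached only when the freshly created `dc` has NULL `data`. When `dc` instead came from `c->decoding` (on entry, or adopted in the lost-race branch via `dc = c->decoding`) and `dc->data` is NULL, the only check is the second `PORT_Assert(cc)`, which is a debug-build assertion, and the code then skips `if (cc)` without recording an error. The rest of the function lies outside the hunk, so what it returns on that path cannot be seen here. If nothing later sets an error, I would add `if (!cc) nss_SetError(NSS_ERROR_INTERNAL_ERROR);` after the second assert so both NULL-`data` cases report the same way. The new comment above `if (cc)` could also state what the caller receives in that case.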