From 71ac56ba408bc8819ae6a7d07826f3cfa13a082b Mon Sep 17 00:00:00 2001
From: "J.C. Jones"
Date: Sat, 29 Aug 2020 13:04:08 +0000
Subject: [NSS] Prevent slotLock race in NSC_GetTokenInfo

Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
---
 security/nss/lib/softoken/pkcs11.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'security')
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 6c535cf77..116a34890 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -3511,10 +3511,12 @@ NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 PORT_Memcpy(pInfo->model, "NSS 3 ", 16);
 PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16);
 PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16);
- pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
+ pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
+ pInfo->ulMaxRwSessionCount = 0; /* arbitrarily large */
+ PZ_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */
 pInfo->ulSessionCount = slot->sessionCount;
- pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
 pInfo->ulRwSessionCount = slot->rwSessionCount;
+ PZ_Unlock(slot->slotLock); /* Unlock before sftk_getKeyDB */
 pInfo->firmwareVersion.major = 0;
 pInfo->firmwareVersion.minor = 0;
 PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label));
-- cgit v1.2.3
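Review bot: The new critical section covers only `slot->sessionCount` and `slot->rwSessionCount`, but the last context line still reads `slot->tokDescription` after `PZ_Unlock(slot->slotLock)`, although the commit message describes `slotLock` as the lock for the slot as a whole. Whether `tokDescription` can be rewritten while this function runs is not visible in the hunk; if it can, the label copy may observe a partially updated description, and `PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label));` should move above the unlock. If the field is immutable after slot setup, a short comment such as `/* tokDescription is fixed after slot init; no lock needed */` would record that assumption. The lock comment also spells the field `rwSessioncount` where the code uses `rwSessionCount`, and the "Unlock before sftk_getKeyDB" remark refers to a call outside the hunk, so the reason the lock must not be held across it (presumably lock ordering) is worth stating there. The body of NSC_GetTokenInfo starts and ends outside this hunk.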