summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ.C. Jones <jjones@mozilla.com>2020-08-29 13:04:08 +0000
committerMoonchild <moonchild@palemoon.org>2020-08-29 13:04:08 +0000
commit58cc431b02c14e4a489a0ebcbacd8d491217c3c3 (patch)
treea30058d6dd4b04880d4105ab31c84a3a723ed757
parent5559674becdb441a02fb0438de20bbc9ca5b97a7 (diff)
downloadUXP-58cc431b02c14e4a489a0ebcbacd8d491217c3c3.tar
UXP-58cc431b02c14e4a489a0ebcbacd8d491217c3c3.tar.gz
UXP-58cc431b02c14e4a489a0ebcbacd8d491217c3c3.tar.lz
UXP-58cc431b02c14e4a489a0ebcbacd8d491217c3c3.tar.xz
UXP-58cc431b02c14e4a489a0ebcbacd8d491217c3c3.zip
[NSS] Prevent slotLock race in NSC_GetTokenInfo
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
Diffstat
-rw-r--r--security/nss/lib/softoken/pkcs11.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 6c535cf77..116a34890 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -3511,10 +3511,12 @@ NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
PORT_Memcpy(pInfo->model, "NSS 3 ", 16);
PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16);
PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16);
- pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
+ pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
+ pInfo->ulMaxRwSessionCount = 0; /* arbitrarily large */
+ PZ_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */
pInfo->ulSessionCount = slot->sessionCount;
- pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
pInfo->ulRwSessionCount = slot->rwSessionCount;
+ PZ_Unlock(slot->slotLock); /* Unlock before sftk_getKeyDB */
pInfo->firmwareVersion.major = 0;
pInfo->firmwareVersion.minor = 0;
PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label));
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 16:38:25 +0000