diff options
author | Stef Walter <stefw@gnome.org> | 2012-09-18 16:26:06 +0200 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2012-09-18 16:37:20 +0200 |
commit | b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea (patch) | |
tree | 7e0cb56c1286cbb0e413f78ce730c457f4f32b4a /p11-kit/modules.c | |
parent | 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 (diff) |
Refuse to load the p11-kit-proxy.so as a registered module
* Since p11-kit-proxy.so is a symlink to the libp11-kit.so library
we check that we are not calling into our known CK_FUNCTION_LIST
for the proxy code.
* Although such a configuration is invalid, detecting this directly
prevents strange initialization loop issues that are hard to debug.
https://bugs.freedesktop.org/show_bug.cgi?id=55052
Diffstat (limited to 'p11-kit/modules.c')
-rw-r--r-- | p11-kit/modules.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/p11-kit/modules.c b/p11-kit/modules.c index 9dc3a3a..a4ffc43 100644 --- a/p11-kit/modules.c +++ b/p11-kit/modules.c @@ -553,13 +553,19 @@ initialize_module_unlocked_reentrant (Module *mod) _p11_unlock (); if (!mod->initialize_called) { + assert (mod->funcs); - _p11_debug ("C_Initialize: calling"); + if (mod->funcs == &_p11_proxy_function_list) { + _p11_message ("refusing to load the p11-kit-proxy.so module as a registered module"); + rv = CKR_FUNCTION_FAILED; - assert (mod->funcs); - rv = mod->funcs->C_Initialize (&mod->init_args); + } else { + _p11_debug ("C_Initialize: calling"); - _p11_debug ("C_Initialize: result: %lu", rv); + rv = mod->funcs->C_Initialize (&mod->init_args); + + _p11_debug ("C_Initialize: result: %lu", rv); + } /* Module was initialized and C_Finalize should be called */ if (rv == CKR_OK) |