Refuse to load the p11-kit-proxy.so as a registered module

* Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code. * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug. https://bugs.freedesktop.org/show_bug.cgi?id=55052
author: Stef Walter <stefw@gnome.org> 2012-09-18 16:26:06 +0200
committer: Stef Walter <stefw@gnome.org> 2012-09-18 16:37:20 +0200
commit: b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea (patch)
tree: 7e0cb56c1286cbb0e413f78ce730c457f4f32b4a /p11-kit/modules.c
parent: 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index 9dc3a3a..a4ffc43 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -553,13 +553,19 @@ initialize_module_unlocked_reentrant (Module *mod)
 	_p11_unlock ();
 
 	if (!mod->initialize_called) {
+		assert (mod->funcs);
 
-		_p11_debug ("C_Initialize: calling");
+		if (mod->funcs == &_p11_proxy_function_list) {
+			_p11_message ("refusing to load the p11-kit-proxy.so module as a registered module");
+			rv = CKR_FUNCTION_FAILED;
 
-		assert (mod->funcs);
-		rv = mod->funcs->C_Initialize (&mod->init_args);
+		} else {
+			_p11_debug ("C_Initialize: calling");
 
-		_p11_debug ("C_Initialize: result: %lu", rv);
+			rv = mod->funcs->C_Initialize (&mod->init_args);
+
+			_p11_debug ("C_Initialize: result: %lu", rv);
+		}
 
 		/* Module was initialized and C_Finalize should be called */
 		if (rv == CKR_OK)
author	Stef Walter <stefw@gnome.org>	2012-09-18 16:26:06 +0200
committer	Stef Walter <stefw@gnome.org>	2012-09-18 16:37:20 +0200
commit	b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea (patch)
tree	7e0cb56c1286cbb0e413f78ce730c457f4f32b4a /p11-kit/modules.c
parent	3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 (diff)