diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-24 09:43:57 +0200 |
|---|---|---|
| committer | Stef Walter <stefw@redhat.com> | 2015-06-29 13:49:16 +0200 |
| commit | cacaf8cd0b0a4f2cd61b61b012cd5cbf715fe38f (patch) | |
| tree | 8443c16801a6ba770830321b92f82929a7d37ef6 /p11-kit | |
| parent | c73edd002462ca1185de1e9e72d9f68f01c93f32 (diff) | |
In proxy module don't call C_Finalize on a forked process.
This corrects a deadlock on the forked process. The deadlock
happened because the proxy called C_Finalize prior to a C_Initialize
which is wrong according to PKCS #11 (2.40). This patch eliminates
the C_Finalize call in that case.
This resolves #90289
https://bugs.freedesktop.org/show_bug.cgi?id=90289
Reviewed-by: Stef Walter <stefw@redhat.com>
Diffstat (limited to 'p11-kit')
| -rw-r--r-- | p11-kit/proxy.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c index db2acb8..28fd186 100644 --- a/p11-kit/proxy.c +++ b/p11-kit/proxy.c @@ -98,6 +98,7 @@ static State *all_instances = NULL; static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE, NULL }; #define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid) +#define PROXY_FORKED(px) ((px) && (px)->forkid != p11_forkid) #define MANUFACTURER_ID "PKCS#11 Kit " #define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " @@ -187,10 +188,11 @@ map_session_to_real (Proxy *px, } static void -proxy_free (Proxy *py) +proxy_free (Proxy *py, unsigned finalize) { if (py) { - p11_kit_modules_finalize (py->inited); + if (finalize) + p11_kit_modules_finalize (py->inited); free (py->inited); p11_dict_free (py->sessions); free (py->mappings); @@ -227,7 +229,7 @@ proxy_C_Finalize (CK_X_FUNCTION_LIST *self, p11_unlock (); - proxy_free (py); + proxy_free (py, 1); } p11_debug ("out: %lu", rv); @@ -301,7 +303,7 @@ proxy_create (Proxy **res) } if (rv != CKR_OK) { - proxy_free (py); + proxy_free (py, 1); return rv; } @@ -331,8 +333,13 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self, p11_lock (); if (!PROXY_VALID (state->px)) { + unsigned call_finalize = 1; + initialize = true; - proxy_free (state->px); + if (PROXY_FORKED(state->px)) + call_finalize = 0; + proxy_free (state->px, call_finalize); + state->px = NULL; } else { state->px->refs++; @@ -360,7 +367,7 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self, p11_unlock (); - proxy_free (py); + proxy_free (py, 1); p11_debug ("out: 0"); return rv; } |