diff options
author | Stef Walter <stefw@gnome.org> | 2013-06-05 10:41:19 +0200 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2013-06-05 13:18:50 +0200 |
commit | 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce (patch) | |
tree | 7cb98f9deaa112a431a6595e3d998569905d8ac9 /trust | |
parent | cf91dc6975424e3ba3971e4496e91036e97419e5 (diff) |
trust: Fix reinitialization of trust module
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
Diffstat (limited to 'trust')
-rw-r--r-- | trust/module.c | 25 | ||||
-rw-r--r-- | trust/tests/frob-multi-init.c | 69 | ||||
-rw-r--r-- | trust/tests/test-module.c | 49 |
3 files changed, 139 insertions, 4 deletions
diff --git a/trust/module.c b/trust/module.c index 7595ba1..15a4890 100644 --- a/trust/module.c +++ b/trust/module.c @@ -65,10 +65,11 @@ #define BASE_SLOT_ID 18UL static struct _Shared { + int initialized; p11_dict *sessions; p11_array *tokens; char *paths; -} gl = { NULL, NULL }; +} gl = { 0, NULL, NULL, NULL }; /* Used during FindObjects */ typedef struct _FindObjects { @@ -354,10 +355,13 @@ sys_C_Finalize (CK_VOID_PTR reserved) } else { p11_lock (); - if (!gl.sessions) { + if (gl.initialized == 0) { + p11_debug ("trust module is not initialized"); rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { + } else if (gl.initialized == 1) { + p11_debug ("doing finalization"); + free (gl.paths); gl.paths = NULL; @@ -368,6 +372,11 @@ sys_C_Finalize (CK_VOID_PTR reserved) gl.tokens = NULL; rv = CKR_OK; + gl.initialized = 0; + + } else { + gl.initialized--; + p11_debug ("trust module still initialized %d times", gl.initialized); } p11_unlock (); @@ -416,11 +425,17 @@ sys_C_Initialize (CK_VOID_PTR init_args) rv = CKR_CANT_LOCK; } + if (rv == CKR_OK && gl.initialized != 0) { + p11_debug ("trust module already initialized %d times", + gl.initialized); + /* * We support setting the socket path and other arguments from from the * pReserved pointer, similar to how NSS PKCS#11 components are initialized. */ - if (rv == CKR_OK) { + } else if (rv == CKR_OK) { + p11_debug ("doing initialization"); + if (args->pReserved) parse_arguments ((const char*)args->pReserved); @@ -438,6 +453,8 @@ sys_C_Initialize (CK_VOID_PTR init_args) } } + gl.initialized++; + p11_unlock (); if (rv != CKR_OK) diff --git a/trust/tests/frob-multi-init.c b/trust/tests/frob-multi-init.c new file mode 100644 index 0000000..d966540 --- /dev/null +++ b/trust/tests/frob-multi-init.c @@ -0,0 +1,69 @@ +/* + * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c + */ + +#include <assert.h> +#include <dlfcn.h> +#include <stdio.h> + +#include <p11-kit/p11-kit.h> + +#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so" + +int +main (void) +{ + CK_C_INITIALIZE_ARGS args = + { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; + CK_C_GetFunctionList C_GetFunctionList; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *module; + CK_SLOT_ID slots[8]; + CK_SESSION_INFO info; + CK_ULONG count; + CK_RV rv; + void *dl; + + dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW); + if (dl == NULL) + fprintf (stderr, "%s\n", dlerror()); + assert (dl != NULL); + + C_GetFunctionList = dlsym (dl, "C_GetFunctionList"); + assert (C_GetFunctionList != NULL); + + rv = C_GetFunctionList (&module); + assert (rv == CKR_OK); + assert (module != NULL); + + rv = module->C_Initialize (&args); + assert (rv == CKR_OK); + + count = 8; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert (rv == CKR_OK); + assert (count > 1); + + rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + assert (rv == CKR_OK); + + rv = p11_kit_initialize_registered (); + assert (rv == CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + if (rv == CKR_OK) { + printf ("no reinitialization bug\n"); + return 0; + + } else if (rv == CKR_SESSION_HANDLE_INVALID) { + printf ("reinitialization bug present\n"); + return 1; + + } else { + printf ("another error: %lu\n", rv); + return 1; + } +} diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c index 16d8037..7f0b1a5 100644 --- a/trust/tests/test-module.c +++ b/trust/tests/test-module.c @@ -144,6 +144,54 @@ test_get_slot_list (CuTest *cu) } static void +test_multi_initialize (CuTest *cu) +{ + static CK_C_INITIALIZE_ARGS args = + { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; + CK_FUNCTION_LIST *module; + CK_SESSION_HANDLE session; + CK_SLOT_ID slots[8]; + CK_SESSION_INFO info; + CK_ULONG count; + CK_RV rv; + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + CuAssertTrue (cu, rv == CKR_OK); + + rv = module->C_Initialize (&args); + CuAssertTrue (cu, rv == CKR_OK); + + count = 8; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + CuAssertTrue (cu, rv == CKR_OK); + CuAssertTrue (cu, count > 0); + + rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + CuAssertTrue (cu, rv == CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + CuAssertTrue (cu, rv == CKR_OK); + CuAssertTrue (cu, info.slotID == slots[0]); + + rv = module->C_Initialize (&args); + CuAssertTrue (cu, rv == CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + CuAssertTrue (cu, rv == CKR_OK); + CuAssertTrue (cu, info.slotID == slots[0]); + + rv = module->C_Finalize (NULL); + CuAssertIntEquals (cu, CKR_OK, rv); + + rv = module->C_Finalize (NULL); + CuAssertIntEquals (cu, CKR_OK, rv); + + rv = module->C_Finalize (NULL); + CuAssertIntEquals (cu, CKR_CRYPTOKI_NOT_INITIALIZED, rv); +} + +static void test_get_slot_info (CuTest *cu) { CK_SLOT_ID slots[NUM_SLOTS]; @@ -1009,6 +1057,7 @@ main (void) putenv ("P11_KIT_STRICT=1"); p11_library_init (); + SUITE_ADD_TEST (suite, test_multi_initialize); SUITE_ADD_TEST (suite, test_get_slot_list); SUITE_ADD_TEST (suite, test_get_slot_info); SUITE_ADD_TEST (suite, test_get_token_info); |