Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
openCryptoki
ocki-3.1_03_ock_obj_mgr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ocki-3.1_03_ock_obj_mgr.patch of Package openCryptoki
commit 099a3a110a733ef3a91c41a88dcd45f15af8a6cd Author: Joy Latten <jmlatten@linux.vnet.ibm.com> Date: Wed Feb 12 12:06:53 2014 -0600 Scenario: processA creates private token key object and before he can use it, processB gets it, uses it, and deletes it. Because opencryptoki was not checking the global token object count, process B segfaulted when count was zero, thinking there were objects in shared memory to search. Also, it was not checking return code of object_mgr_check_shm() in object_mgr_find_in_map1 to see if anything was found in shm. And lastly, return correct error code. Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com> diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c index 92c11c2..8d42d9e 100755 --- a/usr/lib/pkcs11/common/obj_mgr.c +++ b/usr/lib/pkcs11/common/obj_mgr.c @@ -1340,13 +1340,28 @@ object_mgr_find_in_map1( CK_OBJECT_HANDLE handle, goto done; } -// SAB XXX Fix me.. need to make it more efficient than just looking for the object to be changed -// set a global flag that contains the ref count to all objects.. if the shm ref count changes, then we update the object -// if not - - XProcLock(); - object_mgr_check_shm( obj ); - XProcUnLock(); + /* SAB XXX Fix me.. need to make it more efficient than just looking + * for the object to be changed. set a global flag that contains the + * ref count to all objects.. if the shm ref count changes, then we + * update the object. if not + */ + + /* Note: Each C_Initialize call loads up the public token objects + * and build corresponding tree(s). The same for private token objects + * upon successful C_Login. Since token objects can be shared, it is + * possible another process or session has deleted a token object. + * Accounting is done in shm, so check shm to see if object still exists. + */ + if (!object_is_session_object(obj)) { + XProcLock(); + rc = object_mgr_check_shm( obj ); + XProcUnLock(); + + if (rc != CKR_OK) { + OCK_LOG_ERR(ERR_FUNCTION_FAILED); + goto done; + } + } *ptr = obj; done: @@ -2101,8 +2116,8 @@ object_mgr_del_from_shm( OBJECT *obj ) 0, global_shm->num_priv_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } // Since the number of objects starts at 1 and index starts at zero, we // decrement before we get count. This eliminates the need to perform @@ -2139,8 +2154,8 @@ object_mgr_del_from_shm( OBJECT *obj ) 0, global_shm->num_publ_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } global_shm->num_publ_tok_obj--; @@ -2189,25 +2204,36 @@ object_mgr_check_shm( OBJECT *obj ) // the calling routine is responsible for locking the global_shm mutex // + /* first check the object count. If it is 0, then just return. */ priv = object_is_private( obj ); if (priv) { + + if (global_shm->num_priv_tok_obj == 0) { + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; + } rc = object_mgr_search_shm_for_obj( global_shm->priv_tok_objs, 0, global_shm->num_priv_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } entry = &global_shm->priv_tok_objs[index]; } else { + + if (global_shm->num_publ_tok_obj == 0) { + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; + } rc = object_mgr_search_shm_for_obj( global_shm->publ_tok_objs, 0, global_shm->num_publ_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } entry = &global_shm->publ_tok_objs[index]; } @@ -2256,8 +2282,8 @@ object_mgr_search_shm_for_obj( TOK_OBJ_ENTRY * obj_list, } } } - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor