1387811 – SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-6]

Bug 1387811 - SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-6]

Summary: SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-6]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	nss
Sub Component:
Version:	6.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Bob Relyea
QA Contact:	Hubert Kario
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1352109 1390154 1411346 1425841 1425952
TreeView+	depends on / blocked

Reported:	2016-10-22 00:32 UTC by Bob Relyea
Modified:	2017-03-21 10:27 UTC (History)
CC List:	6 users (show)
Fixed In Version:	nss-3.27.1-3.el6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1390154 (view as bug list)
Environment:
Last Closed:	2017-03-21 10:27:35 UTC
Target Upstream Version:

Attachments	(Terms of Use)
First cut at a patch to fix multiple loads of the same database. (7.12 KB, patch) 2016-10-22 00:37 UTC, Bob Relyea	no flags	Details \| Diff
Allow non-login access to the create slot interface. (1.34 KB, patch) 2016-11-29 19:09 UTC, Bob Relyea	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	1312141	0	None	None	None	2016-10-22 00:48:18 UTC
Red Hat Product Errata	RHEA-2017:0671	0	normal	SHIPPED_LIVE	nspr and nss bug fix update	2017-03-21 12:35:29 UTC

Description Bob Relyea 2016-10-22 00:32:56 UTC

Description of problem:
It's not always safe to have multiple instances of the same database open in the same process. Because of this, the NSS initialization code will automatically combine multiple database opens into a single one. There is another way, however, to open databases: SECMOD_OpenUserDB().

This multiple open combined with a bug in softoken leads to the issue in the slapd in FIPS mode described in bug https://bugzilla.redhat.com/show_bug.cgi?id=1352109.

Comment 1 Bob Relyea 2016-10-22 00:37:07 UTC

Created attachment 1212990 [details]
First cut at a patch to fix multiple loads of the same database.

Comment 2 Bob Relyea 2016-10-22 00:46:09 UTC

The related softoken issue is documented in bug 1387812.

Comment 13 Bob Relyea 2016-11-29 19:09:01 UTC

Created attachment 1225994 [details]
Allow non-login access to the create slot interface.

Comment 19 errata-xmlrpc 2017-03-21 10:27:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2017-0671.html

Note You need to log in before you can comment on or make changes to this bug.