1390154 – SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-7]

Bug 1390154 - SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-7]

Summary: SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-7]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	nss
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Daiki Ueno
QA Contact:	Hubert Kario
Docs Contact:
URL:
Whiteboard:
Depends On:	1387811
Blocks:	1352109 1378209 1425841 1425952
TreeView+	depends on / blocked

Reported:	2016-10-31 10:38 UTC by Hubert Kario
Modified:	2017-08-01 16:47 UTC (History)
CC List:	6 users (show)
Fixed In Version:	nss-3.28.3-4.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1387811
Environment:
Last Closed:	2017-08-01 16:47:42 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Patch cleans up handling different login states when more than one token is in use (4.38 KB, patch) 2017-05-05 22:59 UTC, Bob Relyea	no flags	Details \| Diff
Add ecc defaults to nss util (1.87 KB, patch) 2017-05-05 23:23 UTC, Bob Relyea	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Mozilla Foundation	1312141	None	None	None	2016-10-31 10:38:08 UTC
Red Hat Bugzilla	1449195	unspecified	CLOSED	problems with nss-softokn with DS replication	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHEA-2017:1977	normal	SHIPPED_LIVE	nss bug fix and enhancement update	2017-08-01 17:57:47 UTC

Internal Links: 1449195

Description Hubert Kario 2016-10-31 10:38:09 UTC

+++ This bug was initially created as a clone of Bug #1387811 +++

Description of problem:
It's not always safe to have multiple instances of the same database open in the same process. Because of this, the NSS initialization code will automatically combine multiple database opens into a single one. There is another way, however, to open databases: SECMOD_OpenUserDB().

This multiple open combined with a bug in softoken leads to the issue in the slapd in FIPS mode described in bug https://bugzilla.redhat.com/show_bug.cgi?id=1352109.

Comment 3 Kai Engert (:kaie) (inactive account) 2016-11-15 12:39:43 UTC

RHEL 7.4 will be rebased to NSS 3.28, which contains this bugfix.

Comment 16 Bob Relyea 2017-05-05 22:59:29 UTC

Created attachment 1276706 [details]
Patch cleans up handling different login states when more than one token is in use

Comment 18 Bob Relyea 2017-05-05 23:23:22 UTC

Created attachment 1276709 [details]
Add ecc defaults to nss util

This patch is relative to nss/lib/util . I think this code didn't make it upstream with the rest of the ECC default code.

Comment 20 mreynolds 2017-05-09 12:02:28 UTC

Created new bug as requested to track the new fix:

https://bugzilla.redhat.com/show_bug.cgi?id=1449195

Comment 23 errata-xmlrpc 2017-08-01 16:47:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1977

Note You need to log in before you can comment on or make changes to this bug.