Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1444860 - PKCS #11 slot leakage hampers unload of nss-pem
PKCS #11 slot leakage hampers unload of nss-pem
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: curl (Show other bugs)
7.4
All Linux
medium Severity medium
: rc
: ---
Assigned To: Kamil Dudka
Stefan Dordevic
: Patch
Depends On:
Blocks: 1465901
  Show dependency treegraph
 
Reported: 2017-04-24 08:46 EDT by Kamil Dudka
Modified: 2018-04-10 07:46 EDT (History)
2 users (show)

See Also:
Fixed In Version: curl-7.29.0-43.el7
Doc Type: No Doc Update
Doc Text:
undefined
Story Points: ---
Clone Of:
: 1445392 (view as bug list)
Environment:
Last Closed: 2018-04-10 07:45:43 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
[WIP] test-case patch (2.65 KB, patch)
2018-02-09 06:43 EST, Kamil Dudka 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0732 None None None 2018-04-10 07:46 EDT

  None (edit)
Description Kamil Dudka 2017-04-24 08:46:54 EDT 
Description of problem:
The PKCS #11 slot object returned by SECMOD_WaitForAnyTokenEvent() is leaked, which later prevents nss-pem from being unloaded.


Version-Release number of selected component (if applicable):
curl-7.29.0-42.el7


Steps to Reproduce:
1. install nss-pem-1.0.3-2.el7
2. load a private key from file using libcurl


Actual results:
nss-pem fails to unload


Expected results:
nss-pem unloads properly


Additional info:
This bug was revealed by the following nss-pem commit:
https://github.com/kdudka/nss-pem/commit/eefef228

Unfortunately, reverting the commit would reintroduce the one second sleep after loading a private key, which is something we do not want to do?
Comment 2 Kamil Dudka 2017-04-25 08:17:12 EDT 
upstream commit:

https://github.com/curl/curl/commit/curl-7_54_0-24-gc8ea86f
Comment 3 Kamil Dudka 2017-04-25 10:48:07 EDT 
Removing the Regression keyword.  The bug is triggered by a change in nss-pem, so the change will be reverted.
Comment 8 Kamil Dudka 2017-09-13 04:12:53 EDT 
This can be tested by the test for bug #1445384 with patched nss-pem (after reverting the revert).
Comment 14 Kamil Dudka 2018-02-09 06:43 EST 
Created attachment 1393709 [details]
[WIP] test-case patch

Please clone /CoreOS/curl/Regression/bz694294-curl-AND-nss-need-to-be-able-to-use-pem-files and apply the attached patch on top if it.

It fails with:
libcurl-7.29.0-42.el7
nss-pem-1.0.3-2.el7

... but passes with:
libcurl-7.29.0-46
nss-pem-1.0.3-2.el7
Comment 18 errata-xmlrpc 2018-04-10 07:45:43 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0732
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.