This causes crashes admin server in Red Hat Directory Server/389 because of mod_nss https://bugzilla.redhat.com/show_bug.cgi?id=618466 because mod_nss calls SSL_ClearSessionCache() during shutdown without checking to see if NSS_IsInitialized() is true. I can see where there is a chicken/egg problem here PZ_Lock(nssInitLock); if (!NSS_IsInitialized()) { you have to acquire the nssInitLock to make sure nssIsInitted isn't changed out from under you, but nssInitLock is NULL if nssIsInitted is 0. So one way to guard against using NULL nssInitLock would be to call: /* make sure our lock and condition variable are initialized one and only * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { return SECFailure; } before the first attempt to use nssInitLock in any function that uses nssInitLock. That might be too heavyweight. another approach would be to use an atomic integer for nssIsInitted. NSPR provides pratom.h. That way you could be guaranteed that all accesses of nssIsInitted would be implicitly protected. The best approach would be to use static lock initialization like static pthread_mutex_t nssInitLock = PTHREAD_MUTEX_INITIALIZER; but I do not think NSPR has support for static PR_Lock initialization.
Created attachment 700186 [details] Changes since this bug was cloned in patch form No need to backport any patches, fix already in. We just need QE verification.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1318.html