[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7022) Patch - Mozilla NSS - NSS_Init* functions are not thread safe

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7022) Patch - Mozilla NSS - NSS_Init* functions are not thread safe
From: hyc@symas.com
Date: Wed, 24 Aug 2011 22:35:10 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: current tip of master branch
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch
> Submission from: (NULL) (76.26.104.137)
>
>
> The NSS_InitContext et. al, and their corresponding shutdown functions,
> are not thread safe.  There can only be one thread at a time calling
> these functions.  Protect the calls with a mutex.  Create the mutex
> using a PR_CallOnce to ensure that the mutex is only created once and
> not used before created.  Move the registration of the nss shutdown
> callback to also use a PR_CallOnce.  Removed the call to
> SSL_ClearSessionCache() because it is always called at shutdown, and we must
> not call it more than once.

We generally assume that all initialization is done before threads are 
spawned. I seem to recall this is a requirement for GnuTLS, anyway.

I've applied this patch but it has a few issues. E.g., the LDAP_MUTEX macros 
are already defined relative to LDAP_R_COMPILE so they do not need to be 
protected by ifdefs. In fact the macros are there specifically to eliminate 
all of those ifdefs.

A couple of whitespace strangenesses too. I'll fix these here, thanks for the 
patch.
>
> These patch files are derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7014) TLS: certificate hostnames are being checked when TLS_REQCERT is se to allow
Next by Date: Re: (ITS#7010) Deadlock in Producer/Consumer Nodes
Index(es):
- Chronological
- Thread