Hi,
Shanks found an issue with obfuscated password which led to
https://fedorahosted.org/sssd/ticket/762
This patch fixes the issue but might introduce some memory leaks. It
does not remove nspr_nss_cleanup() at any other places, because for me
the usage looks safe there. But we really should push
https://fedorahosted.org/sssd/ticket/752 to get a code audit for our NSS
usage.
bye,
Sumit
From bb125714d610f9f5a64d842d25bc06272bffa9f0 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 5 Jan 2011 11:53:51 +0100
Subject: [PATCH] Do not call nspr_nss_cleanup() in sss_password_decrypt()
nspr_nss_cleanup() shuts down NSS globally and any other client of NSS in
the same process cannot access NSS anymore.
---
src/util/crypto/nss/nss_obfuscate.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/src/util/crypto/nss/nss_obfuscate.c
b/src/util/crypto/nss/nss_obfuscate.c
index 1c6eb1d..ca1e791 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -475,6 +475,5 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char
*b64encoded,
done:
PORT_Free(obfbuf);
talloc_free(tmp_ctx);
- nspr_nss_cleanup();
return ret;
}
--
1.7.3.3
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
