Hi, Shanks found an issue with obfuscated password which led to https://fedorahosted.org/sssd/ticket/762
This patch fixes the issue but might introduce some memory leaks. It does not remove nspr_nss_cleanup() at any other places, because for me the usage looks safe there. But we really should push https://fedorahosted.org/sssd/ticket/752 to get a code audit for our NSS usage. bye, Sumit
From bb125714d610f9f5a64d842d25bc06272bffa9f0 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 5 Jan 2011 11:53:51 +0100 Subject: [PATCH] Do not call nspr_nss_cleanup() in sss_password_decrypt() nspr_nss_cleanup() shuts down NSS globally and any other client of NSS in the same process cannot access NSS anymore. --- src/util/crypto/nss/nss_obfuscate.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c index 1c6eb1d..ca1e791 100644 --- a/src/util/crypto/nss/nss_obfuscate.c +++ b/src/util/crypto/nss/nss_obfuscate.c @@ -475,6 +475,5 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, done: PORT_Free(obfbuf); talloc_free(tmp_ctx); - nspr_nss_cleanup(); return ret; } -- 1.7.3.3
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel