diff options
author | rcritten <> | 2011-03-02 21:12:05 +0000 |
---|---|---|
committer | rcritten <> | 2011-03-02 21:12:05 +0000 |
commit | f656ffc036af239a4236f1c1fc97e32a809d470d (patch) | |
tree | 334e7b4af59abcd246d345f2ddadb5a659c1598c /nss_engine_pphrase.c | |
parent | 1a10bf6ecc79da62bba901758feaa134aa4d50ca (diff) | |
download | mod_nss-f656ffc036af239a4236f1c1fc97e32a809d470d.tar.gz mod_nss-f656ffc036af239a4236f1c1fc97e32a809d470d.tar.xz mod_nss-f656ffc036af239a4236f1c1fc97e32a809d470d.zip |
Add a semaphore lock around retrieving token PINs from the nss_pcache
pipe. Rarely requests to the pipe were getting overridden causing
that child to not enable SSL.
Fedora bug 677701
Diffstat (limited to 'nss_engine_pphrase.c')
-rw-r--r-- | nss_engine_pphrase.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c index eb66029..a27de6f 100644 --- a/nss_engine_pphrase.c +++ b/nss_engine_pphrase.c @@ -279,6 +279,16 @@ static char *nss_get_password(FILE *input, FILE *output, char buf[1024]; apr_status_t rv; apr_size_t nBytes = 1024; + struct sembuf sb; + + /* lock the pipe */ + sb.sem_num = 0; + sb.sem_op = -1; + sb.sem_flg = SEM_UNDO; + if (semop(parg->mc->semid, &sb, 1) == -1) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, + "Unable to reserve semaphore resource"); + } snprintf(buf, 1024, "RETR\t%s", token_name); rv = apr_file_write_full(parg->mc->proc.in, buf, strlen(buf), NULL); @@ -293,6 +303,13 @@ static char *nss_get_password(FILE *input, FILE *output, */ memset(buf, 0, sizeof(buf)); rv = apr_file_read(parg->mc->proc.out, buf, &nBytes); + sb.sem_op = 1; + if (semop(parg->mc->semid, &sb, 1) == -1) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, + "Unable to free semaphore resource"); + /* perror("semop free resource id"); */ + } + if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); |