[Muscle] Proposed patch to libmusclepkcs11 to fix C_CloseSession segfault after C_Logout with cards that don't support MSCLogoutAll

Mon, 17 Jul 2006 09:46:42 -0700

Attached is a proposed fix against 1.1.5 to the problem of closing sessions after logout.
The key of the problem is that when a token doesn't support MSCLogoutAll() (like the CAC), the card is reset instead. When closing the session, closeSessionLocked() calls slot_TokenChanged() which sees the reset and calls slot_Disconnect(), which calls slot_FreeSession(), which deletes the session. slot_TokenChanged returns 0, since it succeeded, but then closeSessionLocked() calls session_FreeSession() again. The bug is that the first session_FreeSession() already called free() on the session pointer held by closeSessionLocked(), so we segfault. 


What I did was to insert an extra condition before the second 
session_FreeSession() call.  This condition looks for a token change, 
and skips session_FreeSession() if it sees one.  The logic here is that 
if the token has reset or moved, then the sessions have already been 
closed so there's no need to do so again.



Would someone please sanity-check this for me?  Also, is there an 
official channel for submitting patches?



This works for the particular error I was first seeing.  However, I'm 
now seeing the same error occur through another pathway.  I've another 
piece of code that calls C_GetSlotList() after C_Logout(), and it 
crashes during session_FreeSession().  This bit o' code is Java, 
however, so I've not fully debugged it, and I think the problem here is 
that he shouldn't be logging out of the card at that point.



However, I do think that there is generally inadequate handling of a 
reset result of a logout event.  Anyone have any input?


-- Tim

--- muscleframework-1.1.5.orig/libmusclepkcs11/src/p11_session.c
+++ muscleframework-1.1.5/libmusclepkcs11/src/p11_session.c
@@ -101,7 +101,7 @@

     if (CKR_ERROR(rv = slot_TokenChanged()))
         rv = CKR_DEVICE_REMOVED;
-    else if (!CKR_ERROR(rv = session_FreeSession(session)))
+    else if (!msc_IsTokenChanged(&st.slots[slotID - 1].conn) && !CKR_ERROR(rv 
=         rv = slot_ReleaseConnection(slotID);

     return rv;



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle






















					Reply via email to