Fix NSS DB cannot be shutdown if certification cannot be found
In find_certificate_by_callback, the function returns -1 directly without freeing resources if node is null, which leads to the NSS shutdown failing.

The error message is as below:
could not shut down NSS: NSS could not shutdown. Objects are still in use.

To fix this issue, free all resources before the function returns -1.

References: bsn#381
Signed-off-by: Chenxi Mao <chenxi.mao@suse.com>
parent 92d2300c71
commit 69547bbf03
39
Bugfix-Free-resources-if-certificate-cannot-be-found.patch
Normal file
@ -0,0 +1,39 @@
From d8ea40d773dc1bcd90d8fc3b1f71ce49044ccef0 Mon Sep 17 00:00:00 2001
From: Chenxi Mao <chenxi.mao@suse.com>
Date: Tue, 13 Dec 2022 22:12:29 +0800
Subject: [PATCH 1/1] Free resources if certificate cannot be found
In find_certificate_by_callback, function return -1 directly without
free resource if node is null, that will lead to nss shut down failed.
The error message as below:
could not shut down NSS: NSS could not shutdown. Objects are still in use.
To fix this issue, free all resources before function return -1.
Signed-off-by: Chenxi Mao <chenxi.mao@suse.com>
---
src/cms_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 1c54c90..24576f2 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -878,8 +878,12 @@ find_certificate_by_callback(cms_context *cms,
}
}
- if (!node)
+ if (!node) {
+ PK11_DestroySlotListElement(slots, &psle);
+ PK11_FreeSlotList(slots);
+ CERT_DestroyCertList(certlist);
cnreterr(-1, cms, "Could not find certificate");
+ }
*cert = CERT_DupCertificate(node->cert);
--
2.33.0
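Review bot: in the `if (!node)` branch of find_certificate_by_callback, the three release calls are written inline ahead of cnreterr, so the next early return added to this function can reintroduce the same "Objects are still in use" leak; consider placing PK11_DestroySlotListElement, PK11_FreeSlotList and CERT_DestroyCertList under one cleanup label and reaching it with goto from every exit. Please also confirm that psle, slots and certlist are always valid at this point, since all three are passed to release functions unconditionally, and that running those calls before cnreterr does not alter the error state it reports for "Could not find certificate".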
@ -2,7 +2,7 @@
Name: pesign
Summary: Signing utility for UEFI binaries
Version: 115
Release: 2
Release: 3
License: GPLv2
URL: https://github.com/rhboot/pesign
Source0: https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz
@ -17,6 +17,7 @@ BuildRequires: nss-devel >= 3.13.6-1 efivar-devel >= 31-1 libuuid-devel tar xz
BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc
Patch0001: Bugfix-cms_common-fix-cert-match-check.patch
Patch0002: Bugfix-Free-resources-if-certificate-cannot-be-found.patch
# Feature: support SM2 and SM3
Patch9000: Feature-pesign-support-SM3-digest-algorithm.patch
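Review bot: the added Patch0002 line only declares the patch, and no %patch or %autosetup line appears anywhere in this diff, so please confirm that %prep applies numbered patches automatically; otherwise the fix ships in the source package but is never applied to src/cms_common.c. If patches are applied one by one in %prep, a matching line for Patch0002 is needed in this same change.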
@ -98,6 +99,9 @@ exit 0
%{_mandir}/man*/*
%changelog
* Mon Dec 19 2022 Chenxi Mao <chenxi.mao@suse.com> - 115-3
- Free resources if certification cannot be found.
* Sat Nov 12 2022 luhuaxin <luhuaxin1@huawei.com> - 115-2
- fix certificate chain bug
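Review bot: the new 115-3 changelog entry says "certification" where the patch file name, the patch subject and the error string all say "certificate"; suggest "- Free resources if certificate cannot be found" so the entry can be found alongside Bugfix-Free-resources-if-certificate-cannot-be-found.patch. Naming the patch file in the entry would also make it easier to trace which change closed the NSS shutdown failure.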