Details

    • Type: Bug Bug
    • Status: Reopened
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 9.1pe
    • Fix Version/s: 9.1pe
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      3,121

      Description

      > Could you please forward this bug reported from Sanjeev Krishnan's
      > code analysis tool.
      >
      > thanks, Larry White

      >
      > NssStore
      > Race Condition
      > read/write to _password not adequately synchronized
      >
      > 093 public static String getNssDbPassword()
      > 094 {
      > 095 if (_password == null)

      { > 096 _password = System.getProperty(SystemPropertyConstants.NSS_DB_PASSWORD_PROPERTY); > Race Condition : Write / read to static field NssStore._password is NOT adequately synchronized. > 097 }

      > 098 return _password;
      > 099 }

        Activity

        Hide
        kumarjayanti added a comment -

        The fix for the reported race condition is ready. However there needs to be an
        investigation on why a SYSTEM property is being used at all :

        System.getProperty(SystemPropertyConstants.NSS_DB_PASSWORD_PROPERTY);

        Show
        kumarjayanti added a comment - The fix for the reported race condition is ready. However there needs to be an investigation on why a SYSTEM property is being used at all : System.getProperty(SystemPropertyConstants.NSS_DB_PASSWORD_PROPERTY);
        Hide
        gfbugbridge added a comment -

        <BT6565526>

        Show
        gfbugbridge added a comment - <BT6565526>
        Hide
        kumarjayanti added a comment -

        Fixed the race condition.
        May file another issue after discussion with RON on whether or not the System
        Property should have been used.

        Show
        kumarjayanti added a comment - Fixed the race condition. May file another issue after discussion with RON on whether or not the System Property should have been used.
        Hide
        dpatil added a comment -

        Broke enterprise profile after this change, so reverted the checkin.

        Show
        dpatil added a comment - Broke enterprise profile after this change, so reverted the checkin.
        Hide
        rameshm added a comment -

        As per agreement in bugscum meeting, changing the priority to P4. Bugswat team felt
        that, this is not a must fix for AS 9.1 and may be risky to attempt to fix at
        this time in AS 9.1.

        Show
        rameshm added a comment - As per agreement in bugscum meeting, changing the priority to P4. Bugswat team felt that, this is not a must fix for AS 9.1 and may be risky to attempt to fix at this time in AS 9.1.

          People

          • Assignee:
            kumarjayanti
            Reporter:
            kumarjayanti
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: