Nelson B Bolyard wrote: > Wan-Teh Chang wrote, On 2008-08-15 19:36: >> 3. Change NSS_Init so that instead of doing nothing >> when NSS is already initialized: >> >> http://mxr.mozilla.org/security/source/security/nss/lib/nss/nssinit.c#448 >> 448 if (nss_IsInitted) { >> 449 return SECSuccess; >> 450 } >> >> it increments an initialization count. Then, NSS_Shutdown >> decrements the initialization count, and only shuts down >> NSS when the count reaches 0. > > Option 3 appeals to me the most, but I'm afraid it would break binary > compatibility to modify NSS_Shutdown as you described. Software that > now depends on a single call to the shutdown function always shutting > down NSS might end up not shutting down NSS.
What software is that? The docs say NSS_Init must only be called once; this would only be a problem if a piece of code called NSS_Init multiple times and still only called NSS_Shutdown once. Code written that way is clearly broken. > I can think of some ways to try to address that. We could perhaps do > the ref counting as you suggest in NSS_Init*, and then let the existing > NSS_Shutdown function always shutdown and clear the ref count, but add > a new shutdown function (NSS_CountedShutdown ?) that decrements the ref > count and if zero, then it calls NSS_Shutdown. Existing code only calls NSS_Shutdown. If you don't change the behavior of NSS_Shutdown, then you're still going to have the problem of the NSS library getting torn out from under unsuspecting apps. > This may necessitate adding locks to NSS_Init and NSS_Shutdown, since > those functions presently assume that the caller has achieved mutual > exclusion with other callers. I think you can solve the majority of cases by making the exported NSS_Shutdown decrement a counter as Wan-Teh suggested, but also install an atexit handler to invoke an NSS_RealShutdown function when the current app exits. Not sure if it needs to be an actual atexit slot, or a library destructor... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
