Fix probing of C_GetInterface #535
Conversation
`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find
C_GetInterface in the loaded pkcs11 module. For legacy (pre-3.0) pkcs11
modules, C_GetInterface is not defined in the module. But according to
the documentation of dlsym():
The search performed by dlsym() is breadth first through the
dependency tree of these shared objects.
So if a pkcs11 module links to libp11-kit.so, the C_GetInterface
implementation in libp11-kit.so itself will be found. This
C_GetInterface will return the metadata of p11-kit-proxy.so, causing
"Refuse to load the p11-kit-proxy.so as a registered module".
To solve the issue, if p11_dl_symbol() returns the C_GetInterface in
libp11-kit.so itself, we should ignore it and continue trying
C_GetFunctionList.
xry111
force-pushed
the
xry111/fix-get-interface-check
branch
from
06b3285
to
5edad66
Compare
|
Hey, I notice this fix is not released yet. It seems p11-kit 0.25.0 breaks glib-networking's tests because its mock-pkcs11.so fails to load, and this pull request fixes it. Perhaps time for a 0.25.1 release? |
The new release is at least one feature and few bug fixes away. I guess we will make 0.25.1 release in October. Unless something very urgent comes. |
|
I've also found that it seems p11-kit 0.25.0(466a31b) breaks glib-networking's tests, but this commit doesn't fix it completely, and there are still some test cases that fail. |
It makes the test result clean for me (with glib-networking-2.78.0): I've not enabled libproxy or openssl though. |
The patch of the community is integrated based on the 2.76.1 version, but the test case still fails. What are the versions of glib2 and gnutls you use? |
glib-2.78.0 and gnutls-3.8.0. I'll update to gnutls-3.8.1 and try again... |
Same result with gnutls-3.8.1. |
|
Feel free to report a glib-networking issue (when GNOME GitLab recovers; currently it is broken) with a backtrace showing where the test is failing, unless you have some reason to believe p11-kit is to blame for those failures. |
|
Thank you for your reply. I tried again and rebuilt it based on p11-kit. The glib-networking'test was successful |
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535 void-linux/void-packages@4653d29
Fixes issue where the wrong C_GetInterface may get loaded. p11-glue/p11-kit#535
p11_dl_symbol (dl, "C_GetInterface")uses dlsym() to find C_GetInterface in the loaded pkcs11 module. For legacy (pre-3.0) pkcs11 modules, C_GetInterface is not defined in the module. But according to the documentation of dlsym():So if a pkcs11 module links to libp11-kit.so, the C_GetInterface implementation in libp11-kit.so itself will be found. This C_GetInterface will return the metadata of p11-kit-trust.so, causing "Refuse to load the p11-kit-proxy.so as a registered module".
To solve the issue, if p11_dl_symbol() returns the C_GetInterface in libp11-kit.so itself, we should ignore it and continue trying C_GetFunctionList.