proxy: Reuse the existing slot ID mapping after fork

While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module.
ueno · Jan 16, 2018 · 88a9f67 · 88a9f67
1 parent 50b752e
commit 88a9f67
Showing 1 changed file with 48 additions and 23 deletions.
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
@@ -188,18 +188,24 @@ map_session_to_real (Proxy *px,
 }
 
 static void
-proxy_free (Proxy *py, unsigned finalize)
+proxy_destroy (Proxy *py, unsigned finalize)
 {
 	if (py) {
 		if (finalize)
 			p11_kit_modules_finalize (py->inited);
 		free (py->inited);
 		p11_dict_free (py->sessions);
 		free (py->mappings);
-		free (py);
 	}
 }
 
+static void
+proxy_free (Proxy *py, unsigned finalize)
+{
+	proxy_destroy (py, finalize);
+	free (py);
+}
+
 static CK_RV
 proxy_C_Finalize (CK_X_FUNCTION_LIST *self,
                   CK_VOID_PTR reserved)
@@ -248,17 +254,14 @@ modules_dup (CK_FUNCTION_LIST **modules)
 }
 
 static CK_RV
-proxy_create (Proxy **res)
+proxy_init (Proxy *py)
 {
 	CK_FUNCTION_LIST_PTR *f;
 	CK_FUNCTION_LIST_PTR funcs;
 	CK_SLOT_ID_PTR slots;
 	CK_ULONG i, count;
+	unsigned int j;
 	CK_RV rv = CKR_OK;
-	Proxy *py;
-
-	py = calloc (1, sizeof (Proxy));
-	return_val_if_fail (py != NULL, CKR_HOST_MEMORY);
 
 	py->forkid = p11_forkid;
 
@@ -287,33 +290,37 @@ proxy_create (Proxy **res)
 
 			return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
 
-			if (count > 0) {
-				py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count));
-				return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY);
-
-				/* And now add a mapping for each of those slots */
-				for (i = 0; i < count; ++i) {
-					py->mappings[py->n_mappings].funcs = funcs;
-					py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET;
-					py->mappings[py->n_mappings].real_slot = slots[i];
-					++py->n_mappings;
+			/* And now add a mapping for each of those slots */
+			for (i = 0; i < count; ++i) {
+				/* Reuse the existing mapping if any */
+				for (j = 0; j < py->n_mappings; ++j) {
+					if (py->mappings[j].funcs == funcs &&
+					    py->mappings[j].real_slot == slots[i])
+						break;
 				}
+				if (j < py->n_mappings)
+					continue;
+				py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + 1));
+				return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY);
+				py->mappings[py->n_mappings].funcs = funcs;
+				py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET;
+				py->mappings[py->n_mappings].real_slot = slots[i];
+				++py->n_mappings;
 			}
 
 			free (slots);
 		}
 	}
 
 	if (rv != CKR_OK) {
-		proxy_free (py, 1);
+		proxy_destroy (py, 1);
 		return rv;
 	}
 
 	py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
 	return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY);
 	py->refs = 1;
 
-	*res = py;
 	return CKR_OK;
 }
 
@@ -323,8 +330,10 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
 {
 	State *state = (State *)self;
 	bool initialize = false;
-	Proxy *py;
-	CK_RV rv;
+	Mapping *mappings = NULL;
+	unsigned int n_mappings = 0;
+	Proxy *py = NULL;
+	CK_RV rv = CKR_OK;
 
 	p11_library_init_once ();
 
@@ -338,8 +347,15 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
 			unsigned call_finalize = 1;
 
 			initialize = true;
-			if (PROXY_FORKED(state->px))
+			if (PROXY_FORKED(state->px)) {
 				call_finalize = 0;
+				if (state->px->mappings) {
+					mappings = memdup (state->px->mappings, sizeof (Mapping) * state->px->n_mappings);
+					if (!mappings)
+						rv = CKR_HOST_MEMORY;
+					n_mappings = state->px->n_mappings;
+				}
+			}
 			proxy_free (state->px, call_finalize);
 
 			state->px = NULL;
@@ -349,12 +365,21 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
 
 	p11_unlock ();
 
+	if (rv != CKR_OK)
+		return rv;
+
 	if (!initialize) {
 		p11_debug ("out: already: %lu", CKR_OK);
 		return CKR_OK;
 	}
 
-	rv = proxy_create (&py);
+	py = calloc (1, sizeof (Proxy));
+	return_val_if_fail (py != NULL, CKR_HOST_MEMORY);
+
+	py->mappings = mappings;
+	py->n_mappings = n_mappings;
+
+	rv = proxy_init (py);
 	if (rv != CKR_OK) {
 		p11_debug ("out: %lu", rv);
 		return rv;