rmeggins@redhat.com wrote:

Full_Name: Rich Megginson Version: current tip of master branch OS: RHEL6 URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch Submission from: (NULL) (76.26.104.137)

The NSS_InitContext et. al, and their corresponding shutdown functions, are not thread safe. There can only be one thread at a time calling these functions. Protect the calls with a mutex. Create the mutex using a PR_CallOnce to ensure that the mutex is only created once and not used before created. Move the registration of the nss shutdown callback to also use a PR_CallOnce. Removed the call to SSL_ClearSessionCache() because it is always called at shutdown, and we must not call it more than once.

We generally assume that all initialization is done before threads are spawned. I seem to recall this is a requirement for GnuTLS, anyway.

I've applied this patch but it has a few issues. E.g., the LDAP_MUTEX macros are already defined relative to LDAP_R_COMPILE so they do not need to be protected by ifdefs. In fact the macros are there specifically to eliminate all of those ifdefs.

A couple of whitespace strangenesses too. I'll fix these here, thanks for the patch.

These patch files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Red Hat. Red Hat has not assigned rights and/or interest in this work to any party. I, Rich Megginson am authorized by Red Hat, my employer, to release this work under the following terms.

Red Hat hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.