Fix leak and use-after-free of session objects on session close

SessionObjects were kept alive in allObjects as tombstones with
valid=false after their session closed, so every object ever created
lingered until C_Finalize, holding its Mutex*. Long-running clients
saw unbounded memory growth dominated by mutex objects.

Add refcounting to OSObject and have SessionObjectStore, HandleManager,
and C_FindObjectsInit acquire/release across the boundaries where
session-object pointers escape the store mutex. Releases happen outside
the relevant lock to avoid widening critical sections. Also erase from
allObjects in the store cleanup paths to avoid a double-free against
the destructor.

Author: bukka

src/lib/SoftHSM.cpp

@@ -2048,9 +2048,23 @@ CK_RV SoftHSM::C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pT
 	// Check if we are out of memory
 	if (findOp == NULL_PTR) return CKR_HOST_MEMORY;
 
+	std::set<OSObject*> tokenObjects;
+	std::set<OSObject*> sessionObjects;
+	token->getObjects(tokenObjects);
+	sessionObjectStore->getObjects(slot->getSlotID(), sessionObjects);
+
+	struct SessionObjReleaser {
+		std::set<OSObject*>& s;
+		~SessionObjReleaser()
+		{
+			for (auto* o : s)
+				o->release();
+		}
+	} sessionObjectGuard{sessionObjects};
+
 	std::set<OSObject*> allObjects;
-	token->getObjects(allObjects);
-	sessionObjectStore->getObjects(slot->getSlotID(),allObjects);
+	allObjects.insert(tokenObjects.begin(), tokenObjects.end());
+	allObjects.insert(sessionObjects.begin(), sessionObjects.end());
 
 	std::set<CK_OBJECT_HANDLE> handles;
 	std::set<OSObject*>::iterator it;

src/lib/handle_mgr/CMakeLists.txt

@@ -6,6 +6,7 @@ set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}
                  ${PROJECT_SOURCE_DIR}/../data_mgr
                  ${PROJECT_SOURCE_DIR}/../object_store
                  ${PROJECT_SOURCE_DIR}/../pkcs11
+                 ${PROJECT_SOURCE_DIR}/../session_mgr
                  ${PROJECT_SOURCE_DIR}/../slot_mgr
                  )
 

src/lib/handle_mgr/Handle.cpp

@@ -34,17 +34,20 @@
 
 // Constructor
 Handle::Handle(CK_HANDLE_KIND _kind, CK_SLOT_ID _slotID, CK_SESSION_HANDLE _hSession)
-    : kind(_kind), slotID(_slotID), hSession(_hSession), object(NULL_PTR), isPrivate(false)
+    : kind(_kind), slotID(_slotID), hSession(_hSession), object(nullptr), session(nullptr),
+    isPrivate(false)
 {
 }
 
 Handle::Handle(CK_HANDLE_KIND _kind, CK_SLOT_ID _slotID)
-    : kind(_kind), slotID(_slotID), hSession(CK_INVALID_HANDLE), object(NULL_PTR), isPrivate(false)
+    : kind(_kind), slotID(_slotID), hSession(CK_INVALID_HANDLE), object(nullptr), session(nullptr),
+    isPrivate(false)
 {
 }
 
 Handle::Handle()
-    : kind(CKH_INVALID), slotID(0), hSession(CK_INVALID_HANDLE), object(NULL_PTR), isPrivate(false)
+    : kind(CKH_INVALID), slotID(0), hSession(CK_INVALID_HANDLE), object(nullptr), session(nullptr),
+    isPrivate(false)
 {
 
 }

src/lib/handle_mgr/Handle.h

@@ -34,6 +34,8 @@
 #define _SOFTHSM_V2_HANDLE_H
 
 #include "cryptoki.h"
+#include "OSObject.h"
+#include "Session.h"
 
 enum {
    CKH_INVALID,
@@ -54,7 +56,8 @@ class Handle
     CK_SLOT_ID slotID;
     CK_SESSION_HANDLE hSession;
 
-    CK_VOID_PTR object;
+    OSObject *object;
+    Session *session;
     bool isPrivate;
 };