Bug 1176293 - global-buffer-overflow in certutil running dbupgrade tests
Status: RESOLVED FIXED (Closed)
Opened 9 years ago, closed 8 years ago
Categories: NSS :: Tools, defect
Tracking: firefox41 affected
People: Reporter: tsmith, Unassigned
References: Blocks 1 open bug
Attachments (1 file): 4.71 KB, text/plain
This happens in the sqlite3 code that is bundled with NSS. It is likely no big deal if we don't ship that code. On the other hand, I don't know if this is also present in production code.

Steps to reproduce:
1) build the NSS test suite with AddressSanitizer
2) run the test suite, dbupgrade.sh specifically

I'm marking this as security just in case.
Updated•9 years ago
Summary: global-buffer-overflow on address in certutil running dbupgrade tests → global-buffer-overflow in certutil running dbupgrade tests
Comment 1•9 years ago
Thanks Tyson. Do you know if this issue has already been fixed in the more recent sqlite code? If it is, then we can update the copy of sqlite that's part of NSS. I believe Firefox has its own copy of sqlite, and at the time Firefox builds NSS, the NSS copy of sqlite will be ignored.
Comment 2•9 years ago
Hey Kai, it looks like this issue was fixed in 3.7.16 (3.7.14.1 is bundled). This version is still pretty old; it is from April 2013. 3.8.10.2 is the latest release. I found some information here: https://github.com/ViennaRSS/vienna-rss/issues/179
Comment 3•9 years ago
Tyson: This is a SQLite bug fixed in SQLite 3.7.16 as you noted: 2013-03-18 (3.7.16) ... * Change to use strncmp() or the equivalent instead of memcmp() when comparing non-zero-terminated strings. To work around this bug, add strict_memcmp=0 to the ASAN_OPTIONS environment variable before running AddressSanitizer. See https://code.google.com/p/address-sanitizer/wiki/Flags.
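The comparison pattern Comment 3 refers to, as an added example that is not SQLite, NSS or Mozilla code: a length-delimited token (no NUL terminator) compared against a keyword with memcmp(), the strncmp() replacement that SQLite 3.7.16 adopted, and a comparison that checks the length first. The function names kw_eq_*, the sql_text buffer and the heap token in main() are this example's own constructed inputs.

```c
/* Added example, not SQLite or NSS code: why memcmp() on a non-NUL-terminated
 * token trips AddressSanitizer, and how strncmp() or an explicit length check
 * avoids the over-read. All names here are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed SQL text: tokens "NUL" (offset 7, len 3), "NULL" (offset 12,
 * len 4) and "NULLIF" (offset 18, len 6) sit inside one larger buffer. */
static const char sql_text[] = "SELECT NUL, NULL, NULLIF(a,b) FROM t";

/* Pattern fixed in SQLite 3.7.16: memcmp(tok, kw, strlen(kw)) ignores the
 * token's own length. memcmp() is allowed to read all strlen(kw) bytes of tok
 * even when they differ early, so for toklen < strlen(kw) it may read past the
 * token. ASan with strict_memcmp=1 (the default) models exactly that. */
int kw_eq_memcmp(const char *tok, size_t toklen, const char *kw) {
    (void)toklen; /* ignored: that is the bug */
    return memcmp(tok, kw, strlen(kw)) == 0;
}

/* The 3.7.16 approach: strncmp() stops at the first differing byte (or NUL),
 * so a shorter token followed by a delimiter never causes a read past it.
 * It still reads beyond tok when the whole token is a prefix of kw, and it
 * accepts tokens that merely start with kw ("NULLIF" matches "NULL"). */
int kw_eq_strncmp(const char *tok, size_t toklen, const char *kw) {
    (void)toklen;
    return strncmp(tok, kw, strlen(kw)) == 0;
}

/* Length check first, then memcmp over exactly toklen bytes: never reads
 * outside [tok, tok + toklen) and rejects prefix matches. */
int kw_eq_len(const char *tok, size_t toklen, const char *kw) {
    size_t kwlen = strlen(kw);
    return toklen == kwlen && memcmp(tok, kw, kwlen) == 0;
}

int main(void) {
    /* Exact-size heap copy of a 3-byte token, no terminator, so that any read
     * past it crosses the allocation boundary and ASan can see it.
     * The memcmp variant below deliberately over-reads (undefined behaviour)
     * to reproduce the class of report from this bug. */
    const char tok_src[3] = {'N', 'U', 'X'};
    char *tok = malloc(sizeof tok_src);
    if (tok == NULL) return 1;
    memcpy(tok, tok_src, sizeof tok_src);

    /* memcmp(tok, "NULL", 4) on a 3-byte allocation. Default ASan
     * (strict_memcmp=1) reports a heap-buffer-overflow; with
     * ASAN_OPTIONS=strict_memcmp=0 it only checks bytes up to the first
     * mismatch (index 2, 'X' vs 'L'), which is in bounds, so no report. */
    printf("memcmp     : %d\n", kw_eq_memcmp(tok, sizeof tok_src, "NULL"));
    /* strncmp stops at the mismatch: in bounds regardless of the option. */
    printf("strncmp    : %d\n", kw_eq_strncmp(tok, sizeof tok_src, "NULL"));
    /* Length check first: never touches tok[3]. */
    printf("len+memcmp : %d\n", kw_eq_len(tok, sizeof tok_src, "NULL"));

    /* Prefix problem shared by the first two variants, all reads in bounds. */
    printf("NULLIF vs NULL: memcmp=%d strncmp=%d len=%d\n",
           kw_eq_memcmp(sql_text + 18, 6, "NULL"),
           kw_eq_strncmp(sql_text + 18, 6, "NULL"),
           kw_eq_len(sql_text + 18, 6, "NULL"));
    free(tok);
    return 0;
}
```

Build with `clang -fsanitize=address -g example.c` and run once with default options and once with `ASAN_OPTIONS=strict_memcmp=0`: the first kw_eq_memcmp call is reported only in the default mode, which is the scope of the workaround in Comment 3. A token such as "NUL" whose bytes all match the start of the keyword makes the comparison read the fourth byte in both modes, and any real memcmp() must read it too, so the option silences the sanitizer report rather than fixing the comparison; the length-checked variant is the one that never reads past the token.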
Comment 4•9 years ago
I'd be happy to close this issue as is. If there are plans to update the bundled version of sqlite I can wait.
Comment 5•9 years ago
Let's not close it, but I believe we can open up the bug. The shipped version of sqlite in NSS is there as a convenience. Most NSS users use an external sqlite (Linux distributions ship a system sqlite which NSS uses there; Firefox provides their own sqlite; I suspect Chrome does as well). As such, I think keeping this bug private is counterproductive. We should open this up and turn it into a request to upgrade sqlite to something newer.
bob
Updated•9 years ago
Group: core-security
Mass cc to get some NSS eyes on these bugs.
Comment 7•8 years ago
We're using SQLite 3.10.2 now for a while (since 3.23) and I can't reproduce this anymore. Let's close it.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED