Closed
Bug 174468
Opened 22 years ago
Closed 22 years ago
PK11_TokenKeyGen's attribute template is too small
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.7
People
(Reporter: jamie-bugzilla, Assigned: rrelyea)
Details
Attachments
(1 file)
606 bytes, patch (jamie-bugzilla: review+)
The PKCS #11 attribute template in PK11_TokenKeyGen is allocated with 5 elements. It is possible, however, to generate 6 attributes, depending on the parameters passed in. In this case, the buffer will overflow, and an assertion will be triggered in debug builds. The reason this worked before is we used this function with DES and triple-DES, which don't have a keySize. So that attribute is not added to the template. To create an AES key, I passed in a keySize of 128, which caused that attribute to be added to the template, overflowing the buffer. I'll try to find a workaround for this, but Some People want to be able to generate AES keys.
Comment 1 • 22 years ago
Jamie, do you have a workaround now? If you don't have a workaround, it seems that you need a fix sooner than NSS 3.7, correct?
Priority: -- → P1
Target Milestone: --- → 3.7
Comment 2 (Reporter) • 22 years ago
Our customer can continue using DES3 for a while, so we can wait until 3.7 to fix this.
Comment 3 (Assignee) • 22 years ago
Good catch. Debug builds will catch the case if the arrays are too small, but Optimize builds won't.
Comment 4 (Reporter) • 22 years ago
Comment on attachment 103912: Increase array size to match largest possible case.
This fix looks good.
Attachment #103912 -
Flags: review+
Comment 5 • 22 years ago
Comment on attachment 103912: Increase array size to match largest possible case.
r=wtc. By the way, the initial value of 'count' is unused. We might as well delete the initialization.
Comment 6 (Assignee) • 22 years ago
patch checked in.
Comment 7 (Assignee) • 22 years ago
checked into tip.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
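The failure mode discussed in this bug, as an added example that is not NSS code and not part of the original thread: a fixed-size attribute template filled by optional appends, with a bounds check that stays active in optimized builds instead of relying on a debug-only assertion. The names `attr_t`, `tmpl_add`, `build_keygen_template` and the split into four fixed and two optional attributes are assumptions; the page only states that 5 slots were allocated and 6 attributes were possible.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a PKCS #11 attribute entry (not NSS's type). */
typedef struct { unsigned long type; const void *value; size_t len; } attr_t;
/* Hypothetical attribute kinds: four always set, two optional (assumed split). */
enum { A_TOKEN = 1, A_PRIVATE, A_ENCRYPT, A_DECRYPT, A_VALUE_LEN, A_ID };
#define TEMPLATE_MAX 6 /* largest possible case: 4 fixed + 2 optional */
typedef struct { attr_t *slots; size_t cap, used; } tmpl_t;

/* Bounds-checked append. Returns 0, or -1 when the template is full.
 * Unlike an assertion, this check is still present in optimized builds. */
static int tmpl_add(tmpl_t *t, unsigned long type, const void *v, size_t len) {
    if (t->used >= t->cap)
        return -1;              /* refuse to write past the last slot */
    t->slots[t->used++] = (attr_t){ type, v, len };
    return 0;
}

/* Fill slots[0..cap) for key generation. *key_len == 0 means the mechanism
 * has no key size (the DES / triple-DES case); id may be NULL.
 * Returns the attribute count, or -1 if cap is too small for this input. */
int build_keygen_template(attr_t *slots, size_t cap,
                          const unsigned long *key_len, const void *id, size_t id_len) {
    static const unsigned char yes = 1;
    tmpl_t t = { slots, cap, 0 };
    int rc = 0;
    if (*key_len > 0)           /* optional: only mechanisms with a key size */
        rc |= tmpl_add(&t, A_VALUE_LEN, key_len, sizeof *key_len);
    if (id != NULL)             /* optional: caller-supplied key id */
        rc |= tmpl_add(&t, A_ID, id, id_len);
    rc |= tmpl_add(&t, A_TOKEN, &yes, sizeof yes);
    rc |= tmpl_add(&t, A_PRIVATE, &yes, sizeof yes);
    rc |= tmpl_add(&t, A_ENCRYPT, &yes, sizeof yes);
    rc |= tmpl_add(&t, A_DECRYPT, &yes, sizeof yes);
    return rc ? -1 : (int)t.used;
}

int main(void) {
    attr_t five[5], six[TEMPLATE_MAX];
    unsigned long none = 0, aes = 128;      /* constructed inputs */
    const unsigned char id[] = { 0x01 };    /* constructed key id */
    printf("5 slots, no key size:  %d\n", build_keygen_template(five, 5, &none, id, sizeof id));
    printf("5 slots, key size 128: %d\n", build_keygen_template(five, 5, &aes, id, sizeof id));
    printf("6 slots, key size 128: %d\n", build_keygen_template(six, TEMPLATE_MAX, &aes, id, sizeof id));
    return 0;
}
```

With five slots the key-size case is rejected with -1 rather than writing a sixth entry; sizing the array to `TEMPLATE_MAX` lets the same call succeed.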