Closed
Bug 334459
Opened 18 years ago
Closed 18 years ago
Variable "cipherName" tracked as NULL was passed to a function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: timeless, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, crash, Whiteboard: CID 202)
Crash Data
Attachments
(1 file)
826 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
found by coverity
Attachment #218797 -
Flags: review?(nelson)
Comment 2•18 years ago
|
||
Comment on attachment 218797 [details] [diff] [review] don't jump after looking If cipherName is ever NULL here, there is a BIG flag elsewhere in the SSL code. It would require that ss->sec.cipherType contain an invalid value, outside of the range of the arrays ssl_cipherName and ssl3_cipherNamem which would indicate a coding error in libSSL. This patch does avoid that crash, but it should be more aggressive. We should put in an assertion that cipherName is not NULL. So add one more line, right here. >- if (cipherName && PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; PORT_Assert(cipherName); >+ if (cipherName) { >+ if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; > >- if (cp) { >- *cp = PORT_Strdup(cipherName); >- } >+ if (cp) { >+ *cp = PORT_Strdup(cipherName); >+ } >+ } > > if (kp0) { > *kp0 = ss->sec.keyBits;
Attachment #218797 -
Flags: review?(nelson) → review+
Comment 3•18 years ago
|
||
> If cipherName is ever NULL here, there is a BIG flag elsewhere in the
Make that: a big BUG
Severity: critical → normal
OS: Linux → All
Priority: -- → P3
Hardware: PC → All
Updated•18 years ago
|
Target Milestone: --- → 3.11.1
Assignee | ||
Comment 4•18 years ago
|
||
tip: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v <-- sslauth.c new revision: 1.16; previous revision: 1.15 3.11 branch: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v <-- sslauth.c new revision: 1.15.2.1; previous revision: 1.15
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → alexei.volkov.bugs
Updated•13 years ago
|
Crash Signature: [@ PORT_Strdup - SSL_SecurityStatus]
You need to log in
before you can comment on or make changes to this bug.
Description
•