UMR in stun_get_siocgifconf_addrs

RESOLVED FIXED in Firefox 35

Status

RESOLVED FIXED
4 years ago
2 years ago

People

(Reporter: bwc, Assigned: bwc)

Tracking

({sec-moderate})

Trunk
mozilla35
All
Linux
sec-moderate
Points:
---

Firefox Tracking Flags

(firefox34 wontfix, firefox35 fixed, firefox-esr31 wontfix)

Details

(Whiteboard: [adv-main35+])

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
If any failure occurs here:

http://dxr.mozilla.org/mozilla-central/source/media/mtransport/third_party/nICEr/src/stun/addrs.c?from=stun_get_siocgifconf_addrs&case=true#608

|ptr| will be left pointing at uninitialized memory. A failure in the socket call above would do this, for sure.

Comment 1

4 years ago
Note that this needs to be fixed concurrently in the nICEr repo.
Keywords: sec-moderate
(Assignee)

Comment 2

4 years ago
Created attachment 8481567 [details] [diff] [review]
Check for ioctl error return.
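
An added example, not the patch attached to this bug and not nICEr code: a minimal Linux SIOCGIFCONF enumeration that checks the ioctl return before walking the result buffer, which is the failure mode this report describes. The helper names `enum_ifnames` and `list_ifnames`, the 32-record buffer and the fixed-size Linux `struct ifreq` layout are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>

/* Hypothetical helper (not nICEr's function): copy up to max interface
 * names reported by SIOCGIFCONF on fd into names[]. Returns the number
 * of names stored, or -1 if the ioctl fails; on failure the record
 * buffer is never read and names[] is left untouched. */
int enum_ifnames(int fd, char names[][IFNAMSIZ], int max)
{
    struct ifreq reqs[32];
    struct ifconf ifc;
    int n, i;

    memset(reqs, 0, sizeof reqs);      /* no stale stack bytes to walk */
    ifc.ifc_len = sizeof reqs;
    ifc.ifc_req = reqs;

    /* On failure the kernel wrote nothing: ifc_len still holds the
     * buffer size, so walking the records would read garbage. */
    if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
        return -1;

    /* Trust only the length the kernel reported, clamped to the buffer. */
    if (ifc.ifc_len < 0 || (size_t)ifc.ifc_len > sizeof reqs)
        return -1;
    n = ifc.ifc_len / (int)sizeof(struct ifreq);
    for (i = 0; i < n && i < max; i++) {
        memcpy(names[i], reqs[i].ifr_name, IFNAMSIZ);
        names[i][IFNAMSIZ - 1] = '\0';
    }
    return i;
}

/* Wrapper that also covers the socket() failure named in the report. */
int list_ifnames(char names[][IFNAMSIZ], int max)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int n;
    if (fd < 0)
        return -1;
    n = enum_ifnames(fd, names, max);
    close(fd);
    return n;
}
```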
(Assignee)

Updated

4 years ago
Assignee: nobody → docfaraday
Status: NEW → ASSIGNED
(Assignee)

Comment 3

4 years ago
Comment on attachment 8481567 [details] [diff] [review]
Check for ioctl error return.

Review of attachment 8481567 [details] [diff] [review]:
-----------------------------------------------------------------

https://tbpl.mozilla.org/?tree=Try&rev=002920234613
Attachment #8481567 - Flags: review?(martin.thomson)

Updated

4 years ago
Attachment #8481567 - Flags: review?(martin.thomson) → review+
Before checkin, note comment 1 from ekr about upstream
https://hg.mozilla.org/mozilla-central/rev/c220f15e006b
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
status-firefox35: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
(In reply to Randell Jesup [:jesup] from comment #4)
> Before checkin, note comment 1 from ekr about upstream

byron: has this been checked-in upstream?
Flags: needinfo?(docfaraday)
(Assignee)

Comment 8

4 years ago
Yes.
Flags: needinfo?(docfaraday)
status-firefox34: --- → wontfix
status-firefox-esr31: --- → wontfix
Whiteboard: [adv-main35+]

Updated

3 years ago
Group: core-security → core-security-release
Group: core-security-release