Closed Bug 1061701 Opened 10 years ago Closed 9 years ago

Overflow-prone binary search algorithms in NSS

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox34 unaffected, firefox35 unaffected)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox34 --- unaffected
firefox35 --- unaffected

People

(Reporter: gfritzsche, Assigned: gfritzsche)

References

Details

(Keywords: sec-audit, Whiteboard: utils/test only)

Attachments

(1 file, 1 obsolete file)

Fixes
2.74 KB, patch
KaiE
: review+
Details | Diff | Splinter Review 
      No description provided.
See bug 917918, comment 0 for the issue. This is about the security/nss parts.
Attached patch Fixes (obsolete) — Splinter Review 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        FixesSplinter Review
      

    


  

        Attachment #8482743 -
        Attachment is obsolete: true

        Attachment #8482756 -
        Flags: review?(kaie)

    
    

    
  
Comment on attachment 8482756 [details] [diff] [review]
Fixes

r=kaie

Thanks, looks good to me. So this avoids potential integer overflows. Luckily the affected code is only in a test utility, in a build/dependency utility, and in a signing utlity. The signing utility might be the most critical one, but the code only does a lookup in a very small tables of error codes, so it shouldn't ever get close to an overflow.

        Attachment #8482756 -
        Flags: review?(kaie) → review+

    
    

    
  
Do you require any special timing for checking in the patch, as you've marked it security sensitive? Any suggestions for the public commit message?

    
  
Keywords: checkin-needed

    
    

    
  
[Tracking Requested - why for this release]:

Per bug 917918 this will probably held back until the patches there reach middle or late beta. Requesting tracking here as well so this doesn't get lost.

          tracking-firefox34:
          --- → ?
Depends on: 917918

    
  
Keywords: checkin-needed

    
    

    
  
(In reply to Georg Fritzsche [:gfritzsche] from comment #6)
> [Tracking Requested - why for this release]:
> 
> Per bug 917918 this will probably held back until the patches there reach
> middle or late beta. Requesting tracking here as well so this doesn't get
> lost.

Checking back with dveditz though.
Flags: needinfo?(dveditz)

    
    

    
  
Note that NSS is on a separate release schedule. We must land into NSS earlier, so it can be included in a release version, which can then be uplifted into mozilla branches.

Given this isn't a serious issue inside of NSS, I suggest that we land into NSS as soon as you're ready to accept this bug becomes publicly known.

    
    

    
  
If this isn't part of the main NSS library used by network-exposed clients and servers then we can wait to land this after the Firefox-specific ones in bug 917918. The uplift timing for the NSS part doesn't really matter then.
Flags: needinfo?(dveditz)
Whiteboard: utils/test only

    
    

    
  
It's now middle Beta. What's the plan for getting this fixed? Do you still want to take a fix in 34?
Flags: needinfo?(dveditz)

    
    

    
  
[Tracking Requested - why for this release]:
Bug 917918 is on the trains for 35, so per comment 9 we should land after that is released.

          status-firefox35:
          --- → affected

          tracking-firefox34:
          + → ---

          tracking-firefox35:
          --- → ?

    
    

    
  
We don't need these fixed in Firefox: these changes are in utils that are not part of the shipping browser.

          status-firefox34:
          affectedunaffected

          status-firefox35:
          affectedunaffected

          tracking-firefox35:
          ? → ---
Flags: needinfo?(dveditz)

    
  
Group: core-security → crypto-core-security

    
    

    
  
Would this be good to land now?
Flags: needinfo?(dveditz)

    
    

    
  
Sure, any time.
Flags: needinfo?(dveditz)

    
    

    
  
This still applies fine - Martin, i heard you might be able to land this?
Flags: needinfo?(martin.thomson)

    
    

    
  
https://hg.mozilla.org/projects/nss/rev/bb14a192a3c3
Status: NEW → UNCONFIRMED
Ever confirmed: false
Flags: needinfo?(martin.thomson)
Target Milestone: --- → 3.21

    
  
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: crypto-core-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: