SECU_GetModulePassword() returns wrong data in case of PW_PLAINTEXT

RESOLVED FIXED in 3.2.2

Status

NSS
Libraries
--
major
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Uriel Ginsburg, Assigned: Wan-Teh Chang)

Tracking

unspecified
3.2.2

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
from security\nss\cmd\lib\secutil.c:
...
case PW_PLAINTEXT:
  return PL_strdup(arg);

when it actually should be:
case PW_PLAINTEXT:
  return PL_strdup(pwdata->data);
(Assignee)

Comment 1

16 years ago
Thanks for the bug report.

This bug is already fixed (secutil.c, rev. 1.24,
by Ian McGreer).  The fix is in NSS 3.2.2 and
NSS 3.3.1 but is not in NSS 3.3.  Therefore I am
setting the target milestone to 3.2.2.

Are you using NSS 3.2.1 or NSS 3.3?
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.2.2
Version: 3.3.1 → unspecified
(Reporter)

Comment 2

16 years ago
I'm using 3.3, my bad.
(Assignee)

Comment 3

16 years ago
Please upgrade to NSS 3.3.1.  See the release notes
(http://www.mozilla.org/projects/security/pki/nss/release_notes_331.html)
for information on CVS tag and where to download the source tarball and
pre-compiled binary distributions.

I just added this bug to the "Bugs Fixed" section in
the NSS 3.3.1 release notes.  (We didn't open a bug
report when we fixed the bug.)
You need to log in before you can comment on or make changes to this bug.