Closed Bug 1201704 Opened 10 years ago Closed 10 years ago

ASan: NULL deref in PK11_SaveContextAlloc

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.21
Type:
defect

Tracking

(firefox43 affected)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox43 --- affected

People

(Reporter: tsmith, Assigned: ekr)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(3 files, 1 obsolete file)

test_case
260 bytes, application/octet-stream
Details
log_with_backtrace.txt
16.09 KB, text/plain
Details
nss_3_20.log.txt
550 bytes, text/plain
Details
Attached file test_case
Group: crypto-core-security
This should probably be marked as security until indicated otherwise.
This doesn't cause a crash on my machine (w/o ASan), which is surprising. My guess of what's going on here is that the handshake hashes are initialized in ssl3_Handle{Client,Server}Hello and so if you get a different message first you have a null context.
OK, I have now reproduced the problem by applying this fuzz test to the main tree. This is a regression introduced by the session hash patch. The issue here is that the code in ssl3_HandleHandshakeMessage that invokes ssl3_ComputeHandshakeHashes does not enforce that we are in the right state, and because (as indicated in c3), we are getting a message of type CertificateVerify before we get a ServerHello or a ClientHello, we try to invoke ssl3_ComputeHandshakeHashes with a null hash. Prior to the session hash patch, this generated an error because we checked for the presence of pwSpec->master_secret, which is nonzero at this stage in the handshake and so served as an implicit state check. However, we moved that check out and so now we get further in the function and fail. There are two possible fixes: 1. Check in ssl3_ComputeHandshakeHashes that the handshake hash contexts are initialized. 2. Check that we are expecting this message in ssl3_HandleHandshakeMessage. The second check is probably more robust, but is more of a layering problem. I suggest instead we just introduce checks in ssl3_ComputeHandshakeHashes for initialization of the hash contexts, which will bring us back approximately to where we were before this patch landed. WTC? MT?
Flags: needinfo?(wtc)
Flags: needinfo?(martin.thomson)
Attached file log_with_backtrace.txt
Attachment #8656823 - Attachment is obsolete: true
Wan-Teh, I have Martin's r+ on Rietveld and would like to land this and open the bug because: 1. It is a null pointer dereference. 2. It only seems to affect the trunk and not released versions. Tyson, can you please confirm point #2. Wan-Teh, if you object please let me know by COB today. Otherwise, I will plan to land over the weekend.
Flags: needinfo?(martin.thomson) → needinfo?(twsmith)
Attached file nss_3_20.log.txt
Verified that this crash is not present in NSS 3.20
Flags: needinfo?(twsmith)
Eric: I commented in the Rietveld code review.
Flags: needinfo?(wtc)
Keywords: regression
r+ from MT and WTC Landed as: https://hg.mozilla.org/projects/nss/rev/ac6a7b6bc48c
Flags: needinfo?(dveditz)
Per discussion with WTC, I believe it is fine to unhide this bug.
dveditz, actually hold off until I verify with tyson's original test case.
Flags: needinfo?(dveditz)
It looks good to me w/o ASan. Tyson, please test with ASan against trunk?
Flags: needinfo?(twsmith)
(In reply to Eric Rescorla (:ekr) from comment #13) > It looks good to me w/o ASan. Tyson, please test with ASan against trunk? Passed! Retested with rev ac6a7b6bc48c.
Flags: needinfo?(twsmith)
Opening this up as a null deref now fixed.
Group: crypto-core-security
Can we resolve this as fixed?
I don't see why not.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.21
This bug was introduced in NSS 3.21 (pre-release) by the TLS session hash patch (bug 1117022).
Assignee: nobody → ekr
OS: Unspecified → All
Priority: -- → P1
Hardware: Unspecified → All
Version: trunk → 3.21
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: