Closed
Bug 1227096
Opened 9 years ago
Closed 5 years ago
[Static Analysis][Division by zero] Function PQG_VerifyParams from lib/freebl/pqg.c can potentially cause a division by 0
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(firefox45 affected)
RESOLVED
FIXED
3.45
| Tracking | Status | |
|---|---|---|
| firefox45 | --- | affected |
People
(Reporter: andi, Assigned: andi)
Details
(Keywords: good-first-bug)
Attachments
(1 file, 2 obsolete files)
The Static Analysis tool Scan-Build added a division by 0 error on variable outlen, it's vallue is set to 0 when hashtype is inconsistent.
|
Assignee | |
Comment 1•9 years ago
|
||
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → trunk
|
|
Assignee | |
Comment 2•9 years ago
|
||
Comment on attachment 8690787 [details] [diff] [review] Bug 1227096.diff Hello Robert, Can you please take a look other this patch? THX
Attachment #8690787 -
Flags: review?(rrelyea)
|
||
Comment 3•7 years ago
|
||
Comment on attachment 8690787 [details] [diff] [review] Bug 1227096.diff Review of attachment 8690787 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/nss/lib/freebl/pqg.c @@ +1743,5 @@ > /* 10. P generated from (L, counter, g, SEED, Q) matches P > * in PQGParams. */ > outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE; > + > + if (outlen<=0) Only in theory can this be zero, `findQfromSeed()` would fail if we don't find a supported hash type. Maybe add an assertion?
Attachment #8690787 -
Flags: review?(rrelyea) → review-
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
|
||
Updated•7 years ago
|
Summary: [Static Analysis][Division by zero] Function PQG_VerifyParams from security/nss/lib/freebl/pqg.c can potentially cause a division by 0 → [Static Analysis][Division by zero] Function PQG_VerifyParams from lib/freebl/pqg.c can potentially cause a division by 0
|
|
||
Updated•7 years ago
|
Keywords: good-first-bug
|
|
Assignee | |
Comment 4•7 years ago
|
||
Attachment #8690787 -
Attachment is obsolete: true
Attachment #8907543 -
Flags: review?(ttaubert)
|
|
Assignee | |
Updated•5 years ago
|
Attachment #8907543 -
Flags: review?(ttaubert) → review?(kaie)
|
||
Comment 5•5 years ago
|
||
Comment on attachment 8907543 [details] [diff] [review] Bug 1227096.patch I had added r+ in https://phabricator.services.mozilla.com/D25746
Attachment #8907543 -
Flags: review?(kaie) → review+
|
|
||
Comment 6•5 years ago
|
||
I wonder why I didn't see a link to phabricator before my comment 5
QA Contact: jjones
|
|
Assignee | |
Updated•5 years ago
|
Keywords: checkin-needed
|
||
Comment 7•5 years ago
|
||
Kaie - this is a different patch, in a different function, than Bug 1227090.
Can you double-check it? I haven't run a try run on it, since it's a splinter patch. (Andi, any chance of reposting in phab?)
Flags: needinfo?(kaie)
|
|
Assignee | |
Comment 8•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
Attachment #8907543 -
Attachment is obsolete: true
|
|
||
Comment 9•5 years ago
|
||
Status: NEW → RESOLVED
Closed: 5 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.45
|
|
||
Updated•5 years ago
|
Flags: needinfo?(kaie)
You need to log in
before you can comment on or make changes to this bug.
Description
•