Closed
Bug 1227100
Opened 9 years ago
Closed 6 years ago
[Static Analysis][Division by zero] Function makePrimefromPrimesShaweTaylor from lib/freebl/pqg.c can cause a division by 0
Categories
(NSS :: Libraries, defect, P3)
Tracking
(firefox45 affected)
RESOLVED
INVALID
Tracking | Status | |
---|---|---|
firefox45 | --- | affected |
People
(Reporter: andi, Assigned: andi)
Details
(Keywords: good-first-bug)
Attachments
(1 file)
960 bytes, patch | ttaubert: review-
The Static Analysis tool Scan-Build added a division by 0 error on variable outlen; its value is set to 0 when hashtype is inconsistent.
Assignee
Comment 1•9 years ago
Updated•9 years ago
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → trunk
Assignee
Comment 2•9 years ago
Comment on attachment 8690790 [details] [diff] [review]
Bug 1227100.diff
Hello Robert,
Can you please take a look over this patch?
THX
Attachment #8690790 -
Flags: review?(rrelyea)
Updated•8 years ago
Summary: [Static Analysis][Division by zero] Function makePrimefromPrimesShaweTaylor from security/nss/lib/freebl/pqg.c can cause a division by 0 → [Static Analysis][Division by zero] Function makePrimefromPrimesShaweTaylor from lib/freebl/pqg.c can cause a division by 0
Comment 3•8 years ago
Comment on attachment 8690790 [details] [diff] [review]
Bug 1227100.diff
Review of attachment 8690790 [details] [diff] [review]:
-----------------------------------------------------------------
::: security/nss/lib/freebl/pqg.c
@@ +515,5 @@
> int i;
> int iterations;
> int old_counter;
>
> + if (outlen <= 0)
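Review bot: the added `if (outlen <= 0)` guard carries no comment saying which input drives `outlen` to zero. The report attributes it to an inconsistent hashtype, so name that cause in a one-line comment above the check. The body of the branch is not visible in this hunk; confirm it returns an error before any division by `outlen` is reached instead of falling through.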
We should probably rather check `hashlen` and move the definition of `outlen` to here. If `hashlen == 0` that means we were passed an invalid `hashtype`. This should be an assertion as both external call sites should never pass an invalid type.
Attachment #8690790 -
Flags: review?(rrelyea) → review-
Updated•8 years ago
Priority: -- → P3
Updated•8 years ago
Keywords: good-first-bug
Assignee
Comment 4•8 years ago
Thanks for reviewing this, I'll update the patch shortly.
Assignee
Comment 5•6 years ago
This should be closed since the current code changed and the issue is no longer present.
Status: NEW → RESOLVED
Closed: 6 years ago
QA Contact: jjones
Resolution: --- → INVALID