Closed Bug 1247692 Opened 8 years ago Closed 8 years ago

out of bounds read in tls13_ExtensionAllowed

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox47 affected)

Status:
RESOLVED DUPLICATE of bug 1247698
Tracking Flags:
Tracking Status
firefox47 --- affected

People

(Reporter: keeler, Unassigned)

Details

(Whiteboard: CID 1352110) 

If tls13_ExtensionAllowed is passed an extension it doesn't know about, it will read one entry past the end of the KnownExtensions array. It's not clear if all code paths that call tls13_ExtensionAllowed prevent unknown extension types from being passed in, but it would probably be best to be defensive here.
Nevermind, Tim's on it.
Group: crypto-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.