Closed Bug 1247698 Opened 8 years ago Closed 8 years ago

[Coverity 1352110] Memory - illegal accesses (OVERRUN) in tls13_ExtensionAllowed()

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox47 affected)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox47 --- affected

People

(Reporter: ttaubert, Assigned: ekr)

References

(Blocks 1 open bug)

Details

(Keywords: coverity) 

*** CID 1352110:  Memory - illegal accesses  (OVERRUN)
/security/nss/lib/ssl/tls13con.c: 1846 in tls13_ExtensionAllowed()
1840         for (i = 0; i < PR_ARRAY_SIZE(KnownExtensions); i++) {
1841             if (KnownExtensions[i].ex_value == extension) {
1842                 break;
1843             }
1844         }
1845     
>>>     CID 1352110:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "KnownExtensions" of 14 8-byte elements at element index 14 (byte offset 112) using index "i" (which evaluates to 14).
1846         switch(KnownExtensions[i].status) {
1847             case ExtensionNotUsed:
1848                 return PR_FALSE;
1849             case ExtensionClientOnly:
1850                 return message == client_hello;
1851             case ExtensionSendClear:
Patch at: https://codereview.appspot.com/288150043
Flags: needinfo?(ekr)
Tim, I actually ran into this earlier and have a somewhat more comprehensive patch at:
https://codereview.appspot.com/290180043
Flags: needinfo?(ekr)
https://hg.mozilla.org/projects/nss/rev/e6b4d53f484c
Assignee: ttaubert → ekr
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.23
You need to log in before you can comment on or make changes to this bug.