Closed
Bug 1258669
Opened 9 years ago
Closed 9 years ago
add checks for OPT builds in unix_rand.c
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(firefox48 affected)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox48 | --- | affected |
People
(Reporter: franziskus, Assigned: franziskus)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: [CID 1247620, CID 1247621][sg:low])
Attachments
(1 file)
|
1.87 KB,
patch
|
ttaubert
:
feedback+
|
Details | Diff | Splinter Review |
unix_rand.c relies on PORT_Assert to check for successful file access. That won't work in optimised builds such that |read| is called on those file pointers even if the file wasn't be opened successfully.
|
||
Comment 1•9 years ago
|
||
Franziskus, can you comment on the potential security impact of this? Is it exploitable?
Flags: needinfo?(franziskuskiefer)
|
Assignee | |
Comment 2•9 years ago
|
||
I think this particular issue is relatively low risk as NSS will read something, but not actually use it.
> PORT_Assert(fd != -1);
> while (limit > fileBytes) {
> bytes = PR_MIN(sizeof buffer, limit - fileBytes);
> bytes = read(fd, buffer, bytes); // read with fd == -1
> if (bytes <= 0) // bytes == -1 here so we bail
> break;
Flags: needinfo?(franziskuskiefer)
Whiteboard: CID 1247620, CID 1247621 → [CID 1247620, CID 1247621][sg:low]
|
|
Assignee | |
Comment 3•9 years ago
|
||
Attachment #8733841 -
Flags: review?(ttaubert)
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → franziskuskiefer
|
|
||
Comment 4•9 years ago
|
||
Comment on attachment 8733841 [details] [diff] [review]
urand_read_file.patch
Review of attachment 8733841 [details] [diff] [review]:
-----------------------------------------------------------------
This seems fine as a fix but I'm worried about the behavior when opening /dev/urandom fails. The RNG_SystemRNG() callers seem to properly fail when we read zero bytes, all RNG_FileUpdate() call sites however do not seem to check if the call succeeded. I think that while we're here we probably should fix that or at least determine that it's fine to not check.
Attachment #8733841 -
Flags: review?(ttaubert) → feedback+
|
|
Assignee | |
Comment 5•9 years ago
|
||
889116(In reply to Tim Taubert [:ttaubert] from comment #4)
> Comment on attachment 8733841 [details] [diff] [review]
> urand_read_file.patch
>
> Review of attachment 8733841 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> This seems fine as a fix but I'm worried about the behavior when opening
> /dev/urandom fails. The RNG_SystemRNG() callers seem to properly fail when
> we read zero bytes, all RNG_FileUpdate() call sites however do not seem to
> check if the call succeeded. I think that while we're here we probably
> should fix that or at least determine that it's fine to not check.
I agree, but we have to be careful to do this only on systems where a certain that we have /dev/urandom. But lets do this in Bug 889116 that was filed for this.
See Also: → 889116
|
|
Assignee | |
Comment 6•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Group: crypto-core-security → core-security-release
|
|
||
Updated•6 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•