Closed
Bug 1258715
Opened 8 years ago
Closed 6 years ago
PK11_GenerateRandom return values in ssl3con
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(firefox48 affected)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox48 | --- | affected |
People
(Reporter: franziskus, Assigned: manishkk)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, good-first-bug, Whiteboard: CID 1242866)
the return value of the first PK11_GenerateRandom is assign but not checked. The second PK11_GenerateRandom is directly ignoring the return value.
> if (client_version != ss->clientHelloVersion) {
> /* Version roll-back detected. ensure failure. */
> rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf);
> }
> }
> /* have PMS, build MS without PKCS11 */
> rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, PR_TRUE);
> if (rv != SECSuccess) {
> pwSpec->msItem.data = pwSpec->raw_master_secret;
> pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
> PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len);
> }
Updated•7 years ago
|
Keywords: good-first-bug
Priority: -- → P3
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → 1991manish.kumar
Assignee | ||
Comment 1•6 years ago
|
||
Seems someone resolved this issue! https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#1021 Please confirm! (In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #0) > the return value of the first PK11_GenerateRandom is assign but not checked. > The second PK11_GenerateRandom is directly ignoring the return value. > > > if (client_version != ss->clientHelloVersion) { > > /* Version roll-back detected. ensure failure. */ > > rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf); > > } > > } > > /* have PMS, build MS without PKCS11 */ > > rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, PR_TRUE); > > if (rv != SECSuccess) { > > pwSpec->msItem.data = pwSpec->raw_master_secret; > > pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH; > > PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len); > > }
Flags: needinfo?(franziskuskiefer)
Reporter | ||
Comment 2•6 years ago
|
||
Yes this was fixed as part of another patch indeed. Thanks for spotting!
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(franziskuskiefer)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•