Closed
Bug 1307472
Opened 8 years ago
Closed 8 years ago
UBSan: sftk_ChaCha20Poly1305_CreateContext: null pointer passed as argument 2, which is declared to never be null
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.28
People
(Reporter: ttaubert, Assigned: ttaubert)
References
Details
pkcs11c.c:705:30: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
#0 0x7f7ccf7ca6a0 in sftk_ChaCha20Poly1305_CreateContext /home/worker/nss/lib/softoken/pkcs11c.c:705:9
#1 0x7f7ccf74e457 in sftk_CryptInit /home/worker/nss/lib/softoken/pkcs11c.c:1169:35
#2 0x7f7ccf74529d in NSC_EncryptInit /home/worker/nss/lib/softoken/pkcs11c.c:1231:12
#3 0x11d1979 in PK11_Encrypt /home/worker/nss/lib/pk11wrap/pk11obj.c:931:11
#4 0x101e6fb in tls13_AEAD /home/worker/nss/lib/ssl/tls13con.c:2686:14
#5 0x101afb7 in tls13_ChaCha20Poly1305 /home/worker/nss/lib/ssl/tls13con.c:2741:12
#6 0x1000481 in tls13_ProtectRecord /home/worker/nss/lib/ssl/tls13con.c:3809:14
#7 0xdcfbdc in ssl3_SendRecord /home/worker/nss/lib/ssl/ssl3con.c:2683:26
#8 0xddb197 in ssl3_FlushHandshakeMessages /home/worker/nss/lib/ssl/ssl3con.c:2912:13
#9 0xdda426 in ssl3_FlushHandshake /home/worker/nss/lib/ssl/ssl3con.c:2882:16
#10 0xff1a8c in tls13_SendServerHelloSequence /home/worker/nss/lib/ssl/tls13con.c:1850:11
#11 0xfe1a0b in tls13_HandleClientHelloPart2 /home/worker/nss/lib/ssl/tls13con.c:1341:14
#12 0xe488f2 in ssl3_HandleClientHello /home/worker/nss/lib/ssl/ssl3con.c:8494:14
#13 0xe40a01 in ssl3_HandleHandshakeMessage /home/worker/nss/lib/ssl/ssl3con.c:11655:18
#14 0xe6269a in ssl3_HandleHandshake /home/worker/nss/lib/ssl/ssl3con.c:11848:18
#15 0xe5541f in ssl3_HandleRecord /home/worker/nss/lib/ssl/ssl3con.c:12611:22
#16 0x103c140 in ssl3_GatherCompleteHandshake /home/worker/nss/lib/ssl/ssl3gthr.c:474:22
#17 0x1046db0 in ssl_GatherRecord1stHandshake /home/worker/nss/lib/ssl/sslcon.c:78:10
#18 0xf1463a in ssl_Do1stHandshake /home/worker/nss/lib/ssl/sslsecur.c:65:14
#19 0xf202dc in SSL_ForceHandshake /home/worker/nss/lib/ssl/sslsecur.c:413:14
#20 0xb06a06 in nss_test::TlsAgent::Handshake() /home/worker/nss/external_tests/ssl_gtest/tls_agent.cc:671:18
#21 0xb46997 in nss_test::TlsConnectTestBase::Handshake() /home/worker/nss/external_tests/ssl_gtest/tls_connect.cc:240:12
#22 0xb49426 in nss_test::TlsConnectTestBase::Connect() /home/worker/nss/external_tests/ssl_gtest/tls_connect.cc:256:3
#23 0x6bd234 in nss_test::TlsCipherSuiteTestBase::ConnectAndCheckCipherSuite() /home/worker/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc:131:5
#24 0x6ba421 in nss_test::TlsCipherSuiteTest_SingleCipherSuite_Test::TestBody() /home/worker/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc:214:3
#25 0xd56e9e in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2362:10
#26 0xc448ed in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2398:14
#27 0xc43c40 in testing::Test::Run() /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2434:5
#28 0xc4aca2 in testing::TestInfo::Run() /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2610:11
#29 0xc51e8f in testing::TestCase::Run() /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2728:28
#30 0xc8ebdb in testing::internal::UnitTestImpl::RunAllTests() /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:4591:43
#31 0xd6f400 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2362:10
#32 0xc8be5d in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:2398:14
#33 0xc8b58e in testing::UnitTest::Run() /home/worker/nss/external_tests/google_test/gtest/src/gtest.cc:4209:10
#34 0x91ac5c in RUN_ALL_TESTS() /home/worker/nss/external_tests/ssl_gtest/../../external_tests/google_test/gtest/include/gtest/gtest.h:2304:46
#35 0x91aae2 in main /home/worker/nss/external_tests/ssl_gtest/ssl_gtest.cc:37:12
#36 0x7f7cd344a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#37 0x46e2d8 in _start (/home/worker/nss/external_tests/ssl_gtest/Linux4.1_x86_64_clang-3.9_glibc_PTH_64_ASAN_DBG.OBJ/ssl_gtest+0x46e2d8)
|
Assignee | |
Comment 1•8 years ago
|
||
This happens because tls13_ChaCha20Poly1305() does:
> aeadParams.pAAD = NULL; /* No AAD in TLS 1.3. */
And we need to handle that. sec-low because 1.3 isn't enabled by default.Keywords: sec-low
|
|
Assignee | |
Comment 2•8 years ago
|
||
https://nss-dev.phacility.com/D59
|
|
Assignee | |
Comment 3•8 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/6056611f3f55
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28
|
|
Assignee | |
Comment 4•8 years ago
|
||
Unhiding, this isn't security sensitive if memcpy() is called with a NULL pointer and length=0.
Group: crypto-core-security
Keywords: sec-low
You need to log in
before you can comment on or make changes to this bug.
Description
•