Closed Bug 1307599 Opened 8 years ago Closed 8 years ago

UBSan: ssl3_HandleServerHelloPart2(): null pointer passed as argument 2, which is declared to never be null

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ttaubert, Assigned: ttaubert)

ssl3con.c:6899:40: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x752543 in ssl3_HandleServerHelloPart2 /home/worker/nss/lib/ssl/ssl3con.c:6899:5
    #1 0x703457 in ssl3_HandleServerHello /home/worker/nss/lib/ssl/ssl3con.c:6700:14
    #2 0x6f796d in ssl3_HandleHandshakeMessage /home/worker/nss/lib/ssl/ssl3con.c:11663:18
    #3 0x71943a in ssl3_HandleHandshake /home/worker/nss/lib/ssl/ssl3con.c:11848:18
    #4 0x70c1bf in ssl3_HandleRecord /home/worker/nss/lib/ssl/ssl3con.c:12611:22
    #5 0x77ef80 in ssl3_GatherCompleteHandshake /home/worker/nss/lib/ssl/ssl3gthr.c:474:22
    #6 0x789bf0 in ssl_GatherRecord1stHandshake /home/worker/nss/lib/ssl/sslcon.c:78:10
    #7 0x53a71a in ssl_Do1stHandshake /home/worker/nss/lib/ssl/sslsecur.c:65:14
    #8 0x5463bc in SSL_ForceHandshake /home/worker/nss/lib/ssl/sslsecur.c:413:14
    #9 0x51914b in TestAgent::Handshake() /home/worker/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc:207:34
    #10 0x50a67e in TestAgent::DoExchange() /home/worker/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc:236:20
    #11 0x509ca5 in RunCycle(std::unique_ptr<Config const, std::default_delete<Config const> >&) /home/worker/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc:289:26
    #12 0x50b9d2 in main /home/worker/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc:322:18
    #13 0x7f3055d3082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x422858 in _start (/home/worker/nss/external_tests/nss_bogo_shim/Linux4.1_x86_64_clang-3.9_glibc_PTH_64_ASAN_DBG.OBJ/nss_bogo_shim+0x422858)
Keywords: sec-moderate
Good news is that so far this is the only thing that running BoGo/NSS with UBSan finds.
Unhiding, this isn't security sensitive if memcpy() is called with a NULL pointer but length=0.
Group: crypto-core-security
Keywords: sec-moderate
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28
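
The pattern UBSan flags in the trace above, shown as an added example that is not NSS code and not the patch that resolved this bug: a variable-length item whose data pointer is NULL when its length is 0 is copied into a fixed-size field, with memcpy() skipped for the empty case. The types item_t and field_t, the function field_set() and the 32-byte buffer size are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical variable-length item: data may be NULL when len == 0. */
typedef struct {
    const unsigned char *data;
    size_t len;
} item_t;

/* Hypothetical fixed-size destination field with its current length. */
typedef struct {
    unsigned char buf[32];
    size_t len;
} field_t;

/*
 * Copy src into dst. Returns 0 on success, -1 on rejected input.
 *
 * The string.h in the trace declares memcpy()'s pointer arguments nonnull,
 * so memcpy(dst, NULL, 0) is undefined behaviour even though no byte is
 * copied. The empty item is therefore handled without calling memcpy().
 */
int field_set(field_t *dst, const item_t *src)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (src->len > sizeof(dst->buf))
        return -1;                  /* would overflow the fixed buffer */
    if (src->len > 0 && src->data == NULL)
        return -1;                  /* inconsistent: length without data */

    if (src->len > 0)               /* never reaches memcpy() with NULL */
        memcpy(dst->buf, src->data, src->len);
    dst->len = src->len;
    return 0;
}
```

Building this with clang or gcc and `-fsanitize=undefined` and then removing the `src->len > 0` guard before memcpy() reproduces the same class of "null pointer passed as argument 2" report for an empty item.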