Closed Bug 1340222 Opened 7 years ago Closed 7 years ago

type change of CERTCertificate.CERTOKDomainName.name broke ABI

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.28
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: KaiE, Unassigned)

References

Details

As part of bug 1277228, with this commit:
  https://hg.mozilla.org/projects/nss/rev/25bbb8bdd46086979558331d5030adeab4d4129e

the type of CERTCertificate.CERTOKDomainName.name was changed from

    char name[1]; /* actual length may be longer. */
to
    char *name;

That means, the attribute is no longer an inline member of CERTOKDomainName (which was dynamically allocated to have enough space), to a pointer.

That means, if any application exists that reads this attribute, it will read from the offset of the beginning of the struct. But the new type would require the code to dereference the pointer. As a result, old code reading this attribute won't get the expected result.
I need a quick decision what to do about this bug, because I urgently need to work on an NSS 3.28.3 release, prior to the initial release of Firefox 52, and I need to decide if a fix for this one should be applied, or not.

We couldn't find code that looks inside the CERTOKDomainName struct to access the name attribute.

This data structure is used by an application, to provide input to the library, and the expected procedure to do so is to use API CERT_AddOKDomainName.

The only other place inside of NSS accessing that data is function CERT_VerifyCertName.

Given that the input is provided by applications using an API, it seems unlikely that an application requires to read the attribute.

We consider to ignore this ABI change, as it seems unlikely to cause issues.
I'm hoping we don't need a fix for this, marking as wontfix.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.