Open
Bug 1415848
Opened 7 years ago
Updated 2 years ago
Cleanup could call mp_clear for uninitialized mp_int
Categories: NSS :: Libraries, enhancement, P3
Tracking: Not tracked
Status: NEW
People: Reporter: jallmann, Unassigned
Description
Found when fixing RSA_NewKey(). Several mp_int objects are created and not initialized until later. If cleanup is reached before all of them are initialized, mp_clear is called on an uninitialized mp_int, which could mean freeing a random non-null pointer. This seems to never happen when all mp_int are initialized and checked one after another, but it's not guaranteed. Fix suggestion: Initialize every mp_int as {0,0,0,NULL} upon creation.
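The cleanup-on-error pattern the report describes, as an added illustration that is not NSS code: mp_int, mp_init_model and mp_clear_model are a simplified model of the mpi types (sign/alloc/used/dp fields, a clear that frees only a non-NULL digit buffer), and fail_at and the live_allocs counter are assumed names used to show that the {0,0,0,NULL} initializer keeps every mp_clear in cleanup safe no matter how early the function bails out.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of an mp_int (sign, alloc, used, dp); not NSS's own struct. */
typedef struct { int sign; unsigned alloc; unsigned used; unsigned *dp; } mp_int;

static int live_allocs = 0;   /* digit buffers currently allocated (assumed counter) */

/* Model of mp_init: allocate the digit buffer; returns -1 on (simulated) failure. */
static int mp_init_model(mp_int *mp, int fail) {
    if (fail) return -1;
    mp->dp = calloc(4, sizeof(unsigned));
    if (!mp->dp) return -1;
    mp->sign = 0; mp->alloc = 4; mp->used = 1;
    live_allocs++;
    return 0;
}

/* Model of mp_clear: frees dp only when it is non-NULL, so clearing a
 * {0,0,0,NULL} mp_int is a harmless no-op instead of a free of garbage. */
static void mp_clear_model(mp_int *mp) {
    if (mp->dp) { free(mp->dp); live_allocs--; }
    memset(mp, 0, sizeof(*mp));
}

/* The pattern from the report: p, q, e, d are declared up front and initialized
 * one after another; an early failure jumps to cleanup before the later ones are
 * initialized. Because each local starts as {0,0,0,NULL}, every mp_clear in
 * cleanup is safe. fail_at selects which mp_init fails (0 = none). */
static int newkey_model(int fail_at) {
    mp_int p = {0,0,0,NULL}, q = {0,0,0,NULL}, e = {0,0,0,NULL}, d = {0,0,0,NULL};
    int rv = -1;
    if (mp_init_model(&p, fail_at == 1) != 0) goto cleanup;
    if (mp_init_model(&q, fail_at == 2) != 0) goto cleanup;
    if (mp_init_model(&e, fail_at == 3) != 0) goto cleanup;
    if (mp_init_model(&d, fail_at == 4) != 0) goto cleanup;
    rv = 0;
cleanup:
    mp_clear_model(&p); mp_clear_model(&q); mp_clear_model(&e); mp_clear_model(&d);
    return rv;
}

/* Runs newkey_model and reports how many digit buffers are still live afterwards;
 * 0 means the early-exit path freed exactly what was allocated. */
static int leaked_after(int fail_at) { newkey_model(fail_at); return live_allocs; }
```

Without the initializers, the same goto cleanup path would hand mp_clear whatever stack contents the uninitialized locals happened to hold.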
Hello, I have checked the RSA_NewKey() code and found that 4 local variables (|p|, |q|, |e|, |d|) are initialized to {0,0,0,NULL} upon creation. Are these the variables that needed to be initialized? Thanks,
Updated 2 years ago: Severity: normal → S3