PBKDF2 memory leak in NSC_GenerateKey if key length > MAX_KEY_LEN (256)
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
People
(Reporter: guidovranken, Assigned: marcus.apb)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
PBKDF2 with keysize > 256
See attached file.
Actual results:
Memory leak (NSSPKCS5PBEParameter allocated but not freed).
In NSC_GenerateKey, after NSSPKCS5PBEParameter has been allocated to pbe_param by nsc_SetupPBEKeyGen, the following checks return to caller without freeing pbe_param:
    /* make sure we aren't going to overflow the buffer */
    if (sizeof(buf) < key_length) {
        /* someone is getting pretty optimistic about how big their key can
         * be... */
        crv = CKR_TEMPLATE_INCONSISTENT;
    }
    if (crv != CKR_OK) {
        goto loser;
    }
Expected results:
No memory leak.
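The exit-path leak described in the report, reduced to a stand-alone C model. This is an added example, not NSS code and not the patch from this bug. All type and function names (`rv_t`, `pbe_param_t`, `param_new`, `param_free`, `live_params`, `generate_key_leaky`, `generate_key_fixed`) are hypothetical, and the fixed variant shows one common remedy (a cleanup label that owns the release), which is an assumption about style rather than a description of the actual fix.

```c
#include <stddef.h>

#define MAX_KEY_LEN 256   /* buffer size named in the bug title */

/* Hypothetical stand-ins for this example; not the NSS types or functions. */
typedef enum { RV_OK = 0, RV_TEMPLATE_INCONSISTENT } rv_t;
typedef struct { size_t key_length; } pbe_param_t;

/* Counting stub allocator: a leak shows up as a nonzero balance. */
static pbe_param_t slot;
static int live;
static pbe_param_t *param_new(size_t key_length) {
    slot.key_length = key_length;
    live++;
    return &slot;
}
static void param_free(pbe_param_t *p) { if (p) live--; }
int live_params(void) { return live; }

/* Shape from the report: the error exit skips the release. */
rv_t generate_key_leaky(size_t key_length) {
    unsigned char buf[MAX_KEY_LEN];
    rv_t crv = RV_OK;
    pbe_param_t *pbe_param = param_new(key_length);
    if (sizeof(buf) < key_length) crv = RV_TEMPLATE_INCONSISTENT;
    if (crv != RV_OK) goto loser;
    (void)buf;               /* key derivation into buf would go here */
    param_free(pbe_param);   /* released on the success path only */
loser:
    return crv;
}

/* One cleanup label owns the release, so every exit frees. */
rv_t generate_key_fixed(size_t key_length) {
    unsigned char buf[MAX_KEY_LEN];
    rv_t crv = RV_OK;
    pbe_param_t *pbe_param = param_new(key_length);
    if (sizeof(buf) < key_length) crv = RV_TEMPLATE_INCONSISTENT;
    if (crv != RV_OK) goto loser;
    (void)buf;               /* key derivation into buf would go here */
loser:
    param_free(pbe_param);
    return crv;
}
```

Checking the allocation balance before and after a call with an oversized key length is the same idea a leak-checking test or fuzzer harness applies to the real function.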
Comment 2 (Assignee)•5 years ago
Sure. I will deal with this tomorrow.
Comment 3 (Assignee)•5 years ago
Confirmed. Sending a patch soon.
Comment 4 (Assignee)•5 years ago
Comment 5 (Assignee)•5 years ago
During the flow analysis, I could find another leak similar to the one reported in this bug. Both were fixed in this patch.
Comment 6•5 years ago
Comment 7•5 years ago
Caused in commit 7ef8d2604494.
Comment 8•5 years ago
Fixup needed for coverity issue discovered upon uplift: https://phabricator.services.mozilla.com/D52779#1605218
Comment 9•5 years ago