Closed
Bug 162763
Opened 22 years ago
Closed 22 years ago
CERT_DecodeBasicConstraintValue fails with empty basic constraints
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: julien.pierre, Assigned: wtc)
Details
(Whiteboard: [sg:nse] confidential until IP address expunged)
Attachments
(1 file)
538 bytes,
patch
|
Details | Diff | Splinter Review |
Updated•22 years ago
|
Group: security?
Assignee | ||
Updated•22 years ago
|
Not accessible to reporter
Assignee | ||
Updated•22 years ago
|
Accessible to reporter
Reporter | ||
Comment 2•22 years ago
|
||
This was resolved when the large checkin for quickder went in yesterday, as part of fix for bug #160805.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 3•22 years ago
|
||
wtc et al, are you OK with making this bug public? Looks like it wasn't really an exploit anyway, but please confirm.
Comment 4•22 years ago
|
||
There's no exploit here. NSS rejects certs with pointless (empty) basicConstraints extensions. No crash, no exploit. I see no reason for this to be "security sensitive".
Reporter | ||
Comment 5•22 years ago
|
||
The IP address with the test exploit for IE given was given to us privately and was not supposed to be made public, but I was unware of that when I posted the bug. This is why it was made security sensitive.
Comment 6•22 years ago
|
||
Since there is no exploit here, how is this IP address security sensitive?
Reporter | ||
Comment 7•22 years ago
|
||
That IP address isn't one of ours. Somebody outside of Netscape setup a test system to reproduce the IE exploit, but intended only for us to be aware of that address, not the world.
Comment 8•22 years ago
|
||
We need to expunge that confidential IP address or else remove this bug from the database; it can't stay security-sensitive.
Reporter | ||
Comment 9•22 years ago
|
||
I would say delete it . I don't know how to do that, though.
Updated•20 years ago
|
Whiteboard: [sg:nse] confidential until IP address expunged
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Comment 1
•