Closed Bug 1642638 Opened 11 months ago Closed 11 months ago

nss:tls-server: ASSERT: PR_FALSE, at ../../lib/ssl/ssl3con.c:640

Categories

(NSS :: Libraries, defect)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kjacobs, Unassigned)

Details

(Keywords: sec-other)

Attachments

(1 file)

OSS-Fuzz had found an assertion crash: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22960

On first glance it looks like the assertion just needs to be relaxed, since the server is checking data written by itself, but I haven't done a thorough analysis.

To reproduce, build nss with ./build.sh --fuzz=tls --asan and run LD_LIBRARY_PATH=../dist/Debug/lib/ nssfuzz-tls-server testcase.

Reported-2020-06-02
Disclosure ~2020-08-31

Keywords: sec-other

Confirmed there is no security impact. The fuzzer is using an undefined value for the sid's ciphersuite. This is not unexpected since the tickets are unencrypted and unprotected in fuzzer mode. Ifdef'ing the assertions causes the testcase to complete (fail) normally.

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.54
Group: crypto-core-security → core-security-release
Group: core-security-release
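
The pattern discussed in the comments above, as an added example that is not part of the bug report and is not NSS code: a debug assertion on a cipher suite read back from a session ticket holds only while the ticket is protected, so it is compiled out in a fuzzing build and the lookup failure is returned as an ordinary error. EXAMPLE_FUZZER_MODE, lookup_suite, restore_session and the two-byte ticket layout are all assumptions made for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Assumption: stands in for a build flag that turns ticket protection off
 * for fuzzing. Remove the define to model a normal debug build. */
#define EXAMPLE_FUZZER_MODE 1

typedef struct {
    uint16_t id;
    const char *name;
} suite_def;

/* Constructed table holding two IANA TLS 1.3 cipher suite code points. */
static const suite_def known_suites[] = {
    { 0x1301, "TLS_AES_128_GCM_SHA256" },
    { 0x1302, "TLS_AES_256_GCM_SHA384" },
};

static const suite_def *lookup_suite(uint16_t id)
{
    for (size_t i = 0; i < sizeof known_suites / sizeof known_suites[0]; i++) {
        if (known_suites[i].id == id)
            return &known_suites[i];
    }
#ifndef EXAMPLE_FUZZER_MODE
    /* Invariant only while tickets are authenticated: the server wrote
     * this id itself, so an unknown value means a programming error. */
    assert(!"unknown cipher suite in a ticket this server issued");
#endif
    return NULL; /* callers must handle this in every build */
}

/* Read the 2-byte big-endian suite id at the start of a (hypothetical)
 * decoded ticket body. Returns 0 on success, -1 if the ticket is rejected. */
int restore_session(const uint8_t *ticket, size_t len, const suite_def **out)
{
    if (ticket == NULL || out == NULL || len < 2)
        return -1;
    uint16_t id = (uint16_t)((ticket[0] << 8) | ticket[1]);
    const suite_def *def = lookup_suite(id);
    if (def == NULL)
        return -1; /* reject the ticket instead of aborting the process */
    *out = def;
    return 0;
}
```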