Closed Bug 1642638 Opened 5 years ago Closed 5 years ago

nss:tls-server: ASSERT: PR_FALSE, at ../../lib/ssl/ssl3con.c:640

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kjacobs, Unassigned)

Details

(Keywords: sec-other)

Attachments

(1 file)

Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer mode.
47 bytes, text/x-phabricator-request
Details | Review

OSS-Fuzz had found an assertion crash: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22960

On first glance it looks like the assertion just needs to be relaxed, since the server is checking data written by itself, but I haven't done a thorough analysis.

To reproduce build nss with ./build.sh --fuzz=tls --asan and run LD_LIBRARY_PATH=../dist/Debug/lib/ nssfuzz-tls-server testcase.

Reported-2020-06-02
Disclosure ~2020-08-31

Keywords: sec-other

Confirmed there is no security impact. The fuzzer is using an undefined value for the sid's ciphersuite. This is not unexpected since the tickets are unencrypted and unprotected in fuzzer mode. Ifdef'ing the assertions causes the testcase to complete (fail) normally.

https://hg.mozilla.org/projects/nss/rev/238bd7912429145d5f3ec2442fb61bb0b5602dfc

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.54
Group: crypto-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: