Bug 169577: SGN_End crashes if DSA signature fails
Status: RESOLVED FIXED (Closed)
Opened 23 years ago, closed 23 years ago
Categories: NSS :: Libraries, defect
Tracking: Not tracked
Target Milestone: 3.6
People: Reporter: jamie-bugzilla, Assigned: wtc
Attachments (1 file)
469 bytes, patch (wtc: review+)

Description
In SGN_End() in secsign.c, if the call to PK11_Sign fails (rv == SECFailure), we
don't goto loser. Instead we set sigitem.data=NULL, but we leave
sigitem.len==signatureLen. For DSA, we then pass this invalid secitem into
DSAU_EncodeDerSign, which SEGVs when it tries to dereference the NULL pointer.

Comment 1 (Reporter) • 23 years ago
goto loser if the signing operation fails.
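
The failure path from the description and the fix from Comment 1, as an added example that is not NSS code and not part of the original report. `Item`, `toy_sign`, `toy_encode` and `sign_end` are hypothetical stand-ins for `SECItem`, `PK11_Sign`, `DSAU_EncodeDerSign` and `SGN_End`; the encoder returns `NULL_DEREF` at the point where an unchecked one would crash, so both paths can be run.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins (assumptions): Item models SECItem, toy_sign models
 * PK11_Sign, toy_encode models DSAU_EncodeDerSign. None of this is NSS code. */
typedef struct { unsigned char *data; unsigned int len; } Item;
enum { OK = 0, FAIL = -1, NULL_DEREF = -2 };

static int toy_sign(Item *sig, int force_fail) {
    if (force_fail) return FAIL;          /* simulate a failed signing call */
    memset(sig->data, 0xAB, sig->len);    /* constructed "signature" bytes */
    return OK;
}

/* Reads src->len bytes from src->data. Reports NULL_DEREF where an
 * unchecked encoder would dereference NULL and crash. */
static int toy_encode(Item *dst, const Item *src) {
    if (src->data == NULL && src->len != 0) return NULL_DEREF;
    dst->data = malloc(src->len);
    if (dst->data == NULL) return FAIL;
    memcpy(dst->data, src->data, src->len);
    dst->len = src->len;
    return OK;
}

/* check_rv == 0 follows the reported flow; check_rv == 1 applies the fix. */
int sign_end(Item *result, int force_fail, int check_rv) {
    Item sig = { NULL, 40 };              /* 40 = constructed signature length */
    int rv = FAIL;

    result->data = NULL;
    result->len = 0;
    sig.data = malloc(sig.len);
    if (sig.data == NULL) goto loser;

    rv = toy_sign(&sig, force_fail);
    if (rv != OK) {
        free(sig.data);
        sig.data = NULL;                  /* len is still 40: inconsistent item */
        if (check_rv) goto loser;         /* the fix: bail out on failure */
    }
    rv = toy_encode(result, &sig);        /* unchecked path arrives with data == NULL */

loser:
    free(sig.data);                       /* free(NULL) is a no-op */
    return rv;
}
```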

Comment 2 (Assignee) • 23 years ago
Comment on attachment 99767: proposed patch
r=wtc. Please check it into the tip and mark
the bug fixed in target milestone 3.6. Thanks.
Attachment #99767 - Flags: review+

Comment 3 (Reporter) • 23 years ago
Fixed on trunk:
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v <-- secsign.c
new revision: 1.4; previous revision: 1.3
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.6