Closed Bug 1742205 Opened 3 years ago Closed 2 years ago

Possible incorrect locking in nsNSSCallbacks.cpp

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
96 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox95 --- wontfix
firefox96 --- fixed

People

(Reporter: jesup, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Keywords: sec-audit, sec-low, Whiteboard: [psm-assigned][adv-main96-])

Attachments

(1 file)

Bug 1742205 - reorganize setting TLS handshake information r?jschanck
48 bytes, text/x-phabricator-request
Details | Review

PreliminaryHandshakeDone(fd) in nsNSSCallbacks.cpp accesses several fields that I think are supposed to be protected by the mMutex in nsNSSSocketInfo. In particular:

mCipherSuite, mProtocolVersion, mKeaGroup, and mSignatureSchemeName

I set a breakpoint and verified we do not hold the mutex at this point. Several of them appear to only be accessed with a locked mutex in TransportSecurityInfo.cpp, such as in GetSecretKeyLength() (mCipherSuite).

At minimum, even if none of these require locking, what's supposed to require locking should be documented in TransportSecurityInfo.h.

It would be nice if we could start using DataMutex instead. That would make it less likely to get the locking wrong when this code changes in the future.

Component: Security → Security: PSM
Group: core-security → crypto-core-security
Keywords: sec-audit
Assignee: nobody → dkeeler
Severity: -- → S2
Whiteboard: [psm-assigned]

(In reply to Sebastian Hengst [:aryx] (needinfo on intermittent or backout) from comment #3)

Based on https://firefox-source-docs.mozilla.org/bug-mgmt/processes/security-approval.html this needs a sec-approval to land.

Given there's no sec rating yet, I concur. dveditz?

Flags: needinfo?(dveditz)

These fields are for display purposes or tests, so this doesn't seem like a huge concern from a security perspective.

Flags: needinfo?(dkeeler)
Keywords: sec-low

reorganize setting TLS handshake information r=jschanck
https://hg.mozilla.org/integration/autoland/rev/7d346ded011aad5812aee428a25cc43e768d9ea6
https://hg.mozilla.org/mozilla-central/rev/7d346ded011a

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox96: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
Flags: needinfo?(dveditz)
Group: crypto-core-security → core-security-release
Flags: qe-verify-
Whiteboard: [psm-assigned] → [psm-assigned][adv-main96-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: