SSL_SecurityStatus() crashes when AES ciphersuite in use

RESOLVED FIXED in 3.6.1

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

When the AES ciphersuites were added to NSS 3.4, the 128-bit and 256-bit 
AES bulk ciphers were added to the enumerated type SSL3BulkCipher, but the 
corresponding strings "AES-128" and "AES-256" were not added to the table
of bulk cipher names known as ssl3_cipherName[] in ssl3con.c.  

Consequently, when an NSS user calls SSL_SecurityStatus for an SSL socket
that is using 256-bit AES, a crash occurs because a pointer is obtained
from past the end of the ssl3_cipherName table.  

The strings should be added to ssl3_cipherName, and a comment should be
added to the enum SSL3BulkCipher, reminding developers to keep the 
array of strings in sync with the enum.
(Assignee)

Comment 1

15 years ago
I'm marking this P1 for 3.7.  If you think it needs to go into 3.6.1, 
please advise.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.7

Comment 2

15 years ago
Does Mozilla/Netscape use AES? If so we should definately get it in NSS 3.6.
I would vote for getting it in either case anyway, but I'm not sure it would be
as critical to do so.

bob
(Assignee)

Comment 3

15 years ago
Created attachment 105124 [details] [diff] [review]
fix bulk cipher string table, add comment to enum type

This bug was reported by a server product that uses NSS.

I _think_ that PSM has switched from using SSL_SecurityStatus to using
SSL_GetChannelInfo and SSL_GetCipherSuiteInfo, which do not have this
problem.  

NSS stopped testing SSL_SecurityStatus when SSL_GetChannelInfo and
SSL_GetCipherSuiteInfo were added to libSSL.
(Assignee)

Comment 4

15 years ago
Fixed on trunk and in NSS 3.6.1 branch.
Status: ASSIGNED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Target Milestone: 3.7 → 3.6.1
You need to log in before you can comment on or make changes to this bug.