1.08 KB, patch
|Details | Diff | Splinter Review|
When the AES ciphersuites were added to NSS 3.4, the 128-bit and 256-bit AES bulk ciphers were added to the enumerated type SSL3BulkCipher, but the corresponding strings "AES-128" and "AES-256" were not added to the table of bulk cipher names known as ssl3_cipherName in ssl3con.c. Consequently, when an NSS user calls SSL_SecurityStatus for an SSL socket that is using 256-bit AES, a crash occurs because a pointer is obtained from past the end of the ssl3_cipherName table. The strings should be added to ssl3_cipherName, and a comment should be added to the enum SSL3BulkCipher, reminding developers to keep the array of strings in sync with the enum.
I'm marking this P1 for 3.7. If you think it needs to go into 3.6.1, please advise.
Does Mozilla/Netscape use AES? If so we should definately get it in NSS 3.6. I would vote for getting it in either case anyway, but I'm not sure it would be as critical to do so. bob
Created attachment 105124 [details] [diff] [review] fix bulk cipher string table, add comment to enum type This bug was reported by a server product that uses NSS. I _think_ that PSM has switched from using SSL_SecurityStatus to using SSL_GetChannelInfo and SSL_GetCipherSuiteInfo, which do not have this problem. NSS stopped testing SSL_SecurityStatus when SSL_GetChannelInfo and SSL_GetCipherSuiteInfo were added to libSSL.
Fixed on trunk and in NSS 3.6.1 branch.