Closed Bug 178342 Opened 22 years ago Closed 22 years ago

SSL_SecurityStatus() crashes when AES ciphersuite in use

Categories

(NSS :: Libraries, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

Details

Attachments

(1 file)

When the AES ciphersuites were added to NSS 3.4, the 128-bit and 256-bit 
AES bulk ciphers were added to the enumerated type SSL3BulkCipher, but the 
corresponding strings "AES-128" and "AES-256" were not added to the table
of bulk cipher names known as ssl3_cipherName[] in ssl3con.c.  

Consequently, when an NSS user calls SSL_SecurityStatus for an SSL socket
that is using 256-bit AES, a crash occurs because a pointer is obtained
from past the end of the ssl3_cipherName table.  

The strings should be added to ssl3_cipherName, and a comment should be
added to the enum SSL3BulkCipher, reminding developers to keep the 
array of strings in sync with the enum.
I'm marking this P1 for 3.7.  If you think it needs to go into 3.6.1, 
please advise.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.7
Does Mozilla/Netscape use AES? If so we should definately get it in NSS 3.6.
I would vote for getting it in either case anyway, but I'm not sure it would be
as critical to do so.

bob
This bug was reported by a server product that uses NSS.

I _think_ that PSM has switched from using SSL_SecurityStatus to using
SSL_GetChannelInfo and SSL_GetCipherSuiteInfo, which do not have this
problem.  

NSS stopped testing SSL_SecurityStatus when SSL_GetChannelInfo and
SSL_GetCipherSuiteInfo were added to libSSL.
Fixed on trunk and in NSS 3.6.1 branch.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: 3.7 → 3.6.1
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: