When the AES ciphersuites were added to NSS 3.4, the 128-bit and 256-bit
AES bulk ciphers were added to the enumerated type SSL3BulkCipher, but the
corresponding strings "AES-128" and "AES-256" were not added to the table
of bulk cipher names known as ssl3_cipherName in ssl3con.c.
Consequently, when an NSS user calls SSL_SecurityStatus for an SSL socket
that is using 256-bit AES, a crash occurs because a pointer is obtained
from past the end of the ssl3_cipherName table.
The strings should be added to ssl3_cipherName, and a comment should be
added to the enum SSL3BulkCipher, reminding developers to keep the
array of strings in sync with the enum.
I'm marking this P1 for 3.7. If you think it needs to go into 3.6.1,
Does Mozilla/Netscape use AES? If so we should definately get it in NSS 3.6.
I would vote for getting it in either case anyway, but I'm not sure it would be
as critical to do so.
Created attachment 105124 [details] [diff] [review]
fix bulk cipher string table, add comment to enum type
This bug was reported by a server product that uses NSS.
I _think_ that PSM has switched from using SSL_SecurityStatus to using
SSL_GetChannelInfo and SSL_GetCipherSuiteInfo, which do not have this
NSS stopped testing SSL_SecurityStatus when SSL_GetChannelInfo and
SSL_GetCipherSuiteInfo were added to libSSL.
Fixed on trunk and in NSS 3.6.1 branch.