SSL_SecurityStatus() crashes when AES ciphersuite in use

RESOLVED FIXED in 3.6.1

Status

P1
normal
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: nelson, Assigned: nelson)

When the AES ciphersuites were added to NSS 3.4, the 128-bit and 256-bit 
AES bulk ciphers were added to the enumerated type SSL3BulkCipher, but the 
corresponding strings "AES-128" and "AES-256" were not added to the table
of bulk cipher names known as ssl3_cipherName[] in ssl3con.c.  

Consequently, when an NSS user calls SSL_SecurityStatus for an SSL socket
that is using 256-bit AES, a crash occurs because a pointer is obtained
from past the end of the ssl3_cipherName table.  

The strings should be added to ssl3_cipherName, and a comment should be
added to the enum SSL3BulkCipher, reminding developers to keep the 
array of strings in sync with the enum.

I'm marking this P1 for 3.7.  If you think it needs to go into 3.6.1, 
please advise.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.7

Comment 2

16 years ago
Does Mozilla/Netscape use AES? If so we should definitely get it in NSS 3.6.
I would vote for getting it in either case anyway, but I'm not sure it would be
as critical to do so.

bob

Created attachment 105124
fix bulk cipher string table, add comment to enum type

This bug was reported by a server product that uses NSS.

I _think_ that PSM has switched from using SSL_SecurityStatus to using
SSL_GetChannelInfo and SSL_GetCipherSuiteInfo, which do not have this
problem.  

NSS stopped testing SSL_SecurityStatus when SSL_GetChannelInfo and
SSL_GetCipherSuiteInfo were added to libSSL.

Fixed on trunk and in NSS 3.6.1 branch.
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Target Milestone: 3.7 → 3.6.1
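
The defect class in this report, an enum that grew without its parallel string table, shown as an added example that is not NSS code and not the attached patch. The enum, table and function names are hypothetical stand-ins; the guard pairs a compile-time size check with a bounds-checked lookup.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for an enum such as SSL3BulkCipher. */
typedef enum {
    DEMO_CIPHER_NULL,
    DEMO_CIPHER_RC4,
    DEMO_CIPHER_3DES,
    DEMO_CIPHER_AES_128,
    DEMO_CIPHER_AES_256,
    DEMO_CIPHER_COUNT /* keep last; add new ciphers above this line */
} demo_bulk_cipher;

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Stale table: written before the AES members existed, two entries short. */
static const char *const demo_names_stale[] = { "NULL", "RC4", "3DES" };

/* Synced table: one string per enum member, in enum order. */
static const char *const demo_names[] = { "NULL", "RC4", "3DES", "AES-128", "AES-256" };

/* Build breaks if the enum grows and the table does not. */
_Static_assert(ARRAY_LEN(demo_names) == DEMO_CIPHER_COUNT,
               "demo_names[] is out of sync with demo_bulk_cipher");

/* Bounds-checked lookup: NULL instead of a read past the end of the table. */
static const char *lookup(const char *const *tbl, size_t len, int idx)
{
    return (idx >= 0 && (size_t)idx < len) ? tbl[idx] : NULL;
}

const char *demo_cipher_name(demo_bulk_cipher c)
{
    return lookup(demo_names, ARRAY_LEN(demo_names), (int)c);
}

const char *demo_cipher_name_stale(demo_bulk_cipher c)
{
    return lookup(demo_names_stale, ARRAY_LEN(demo_names_stale), (int)c);
}

int main(void)
{
    const char *n = demo_cipher_name_stale(DEMO_CIPHER_AES_256);
    printf("stale:  %s\n", n ? n : "(no entry)");
    printf("synced: %s\n", demo_cipher_name(DEMO_CIPHER_AES_256));
    return 0;
}
```

Pointing the `_Static_assert` at `demo_names_stale` instead makes the build fail, which is the point at which a mismatch of this kind should be caught.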