Closed Bug 1910079 Opened 1 year ago Closed 1 year ago

NSS DTLS Client fuzzer sets invalid ssl version range

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mdauer, Assigned: mdauer)

Details

Attachments

(1 file)

Bug 1910079 - Fix min ssl version for DTLS client fuzzer, r=djackson,jschanck 1 year ago Maurice Dauer [:mdauer] 48 bytes, text/x-phabricator-request		Details \| Review

Maurice Dauer [:mdauer]

Assignee

Description

•

1 year ago

The follwing lines cause an assertion failure:

    rv = SSL_VersionRangeSet(fd, &config->VersionRange());
    assert(rv == SECSuccess);

The DTLS and TLS client fuzzer use the same min and max values for the SSL version range, however DTLS requires at least version 0x302.

Maurice Dauer [:mdauer]

Assignee

Comment 1

•

1 year ago

Attached file Bug 1910079 - Fix min ssl version for DTLS client fuzzer, r=djackson,jschanck — Details

John Schanck [:jschanck]

Updated

•

1 year ago

Group: crypto-core-security

Severity: -- → S4

Priority: -- → P3

John Schanck [:jschanck]

Comment 2

•

1 year ago

https://hg.mozilla.org/projects/nss/rev/a147ab2834b3243ffbc38e3d096c897a79285e2d

Status: ASSIGNED → RESOLVED

Closed: 1 year ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

NSS DTLS Client fuzzer sets invalid ssl version range

Categories

(NSS :: Test, defect, P3)

Tracking

(Not tracked)

People

(Reporter: mdauer, Assigned: mdauer)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Attachment

General

Description

File Name

Content Type