Closed Bug 1910079 Opened 2 months ago Closed 2 months ago

NSS DTLS Client fuzzer sets invalid ssl version range

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mdauer, Assigned: mdauer)

Details

Attachments

(1 file)

Bug 1910079 - Fix min ssl version for DTLS client fuzzer, r=djackson,jschanck 2 months ago Maurice Dauer [:mdauer] 48 bytes, text/x-phabricator-request		Details \| Review

Maurice Dauer [:mdauer]

Assignee

Description

•

2 months ago

The follwing lines cause an assertion failure:

    rv = SSL_VersionRangeSet(fd, &config->VersionRange());
    assert(rv == SECSuccess);

The DTLS and TLS client fuzzer use the same min and max values for the SSL version range, however DTLS requires at least version 0x302.

Maurice Dauer [:mdauer]

Assignee

Comment 1

•

2 months ago

Attached file Bug 1910079 - Fix min ssl version for DTLS client fuzzer, r=djackson,jschanck — Details

John Schanck [:jschanck]

Updated

•

2 months ago

Group: crypto-core-security

Severity: -- → S4

Priority: -- → P3

John Schanck [:jschanck]

Comment 2

•

2 months ago

https://hg.mozilla.org/projects/nss/rev/a147ab2834b3243ffbc38e3d096c897a79285e2d

Status: ASSIGNED → RESOLVED

Closed: 2 months ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

NSS DTLS Client fuzzer sets invalid ssl version range

Categories

(NSS :: Test, defect, P3)

Tracking

(Not tracked)

People

(Reporter: mdauer, Assigned: mdauer)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Attachment

General

Description

File Name

Content Type