Closed Bug 2018200 Opened 4 months ago Closed 3 months ago

Wrong len passed to tls_SignOrVerifyUpdate for kCtxStr

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(nss 3.122, firefox-esr115 wontfix, firefox-esr140 wontfix, firefox148 wontfix, firefox149 wontfix, firefox150 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
nss --- 3.122
firefox-esr115 --- wontfix
firefox-esr140 --- wontfix
firefox148 --- wontfix
firefox149 --- wontfix
firefox150 --- fixed

People

(Reporter: mdauer, Assigned: mdauer)

References

(Regression)

Details

(Keywords: regression, sec-other, Whiteboard: [adv-main150-])

Attachments

(1 file)

Bug 2018200 - Fix kCtxStr len passed to tls_SignOrVerifyUpdate, r?rrelyea,#nss-reviewers
48 bytes, text/x-phabricator-request
Details | Review

Currently, the pointer of kCtxStr is advanced before calling strlen (https://searchfox.org/nss/rev/32c217f646beddadebfd7fb6328ddfc5d37c7ae3/lib/ssl/tls13subcerts.c#325):

    rv = tls_SignOrVerifyUpdate(ctx, kCtxStr,
                                strlen((const char *)kCtxStr + 1 /* 0-byte */));

Instead of:

    rv = tls_SignOrVerifyUpdate(ctx, kCtxStr,
                                strlen((const char *)kCtxStr) + 1 /* 0-byte */);

I don't think this has any security implications, but marking this security-sensitive out of precaution. Bob, what do you think?

Flags: needinfo?(rrelyea)

It took me 5 minutes to find the difference...

Logically,

rv = tls_SignOrVerifyUpdate(ctx, kCtxStr,
                            strlen((const char *)kCtxStr) + 1 /* 0-byte */);

seems to be correct, we feed to the sign function the kCtxStr and ask to use lengths of kCtxStr bytes + the \0.

But then:
imagine the kCtxStr is "a" "b" "c". In memory it is "a" "b" "c" \0.
in the right case, strLen(kCtxStr) + 1 gives us 4?
in the wrong case, strlen(kCtxStr + 1) = 2, right?

Such way, in the right case we gonna SignOnVerify("abc0"), otherwise SignOnVerify("ab")?

Keywords: sec-other

yeah, this isn't a security issue, It's a correctness issue. We can clear the security issue from the bug.

Flags: needinfo?(rrelyea)

I verfied the downstream code was correct. The change was made after a review comment on https://phabricator.services.mozilla.com/D263840 (sigh).

I've added Standa unto this bug. He says that currently we don't do delegated certificates in our interop testing, which is why it wasn't caught :(

Group: crypto-core-security
Severity: -- → S3
Priority: -- → P1
Attachment #9546799 - Attachment description: (secure) → Bug 2018200 - Fix kCtxStr len passed to tls_SignOrVerifyUpdate, r?rrelyea,#nss-reviewers

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/projects/nss/rev/1388dbf858b3
Fix kCtxStr len passed to tls_SignOrVerifyUpdate, r=rrelyea,nss-reviewers,keeler

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Whiteboard: [adv-main150-]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: