Closed Bug 241013 Opened 20 years ago Closed 20 years ago

[FIX]nsNSSComponent::VerifySignature leaks on errors

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
Other Branch
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

Attachments

(2 files, 2 obsolete files)

Patch using Nelson't suggestion 2
5.76 KB, patch
Details | Diff | Splinter Review
Same as diff -b, for review only
4.87 KB, patch
jgmyers
: review+
brendan
: superreview+
Details | Diff | Splinter Review
Attached patch Proposed patch (obsolete) — Splinter Review 
This conflicts with the patches in bug 240661, but oh, well.  I'll merge in
either direction as needed.
Attached patch Same as diff -b, FOR REVIEW ONLY (obsolete) — Splinter Review 

    
    

    
  
Comment on attachment 146528 [details] [diff] [review]
Same as diff -b, FOR REVIEW ONLY

John, would you review?  Nelson, if you have time to take a look, that would
also be much appreciated...

Who'd be a good sr for changes to this code?

        Attachment #146528 -
        Flags: review?(jgmyers)

    
    

    
  
Comment on attachment 146528 [details] [diff] [review]
Same as diff -b, FOR REVIEW ONLY

I don't think the fingerprint can have non-ASCII characters, so full UTF-8
conversion isn't absolutely necessary  there.

        Attachment #146528 -
        Flags: review?(jgmyers) → review+

    
    

    
  
Comment on attachment 146528 [details] [diff] [review]
Same as diff -b, FOR REVIEW ONLY

Brendan, would you sr?

        Attachment #146528 -
        Flags: superreview?(brendan)

    
    

    
  
Taking...
Assignee: kaie → bzbarsky
Priority: -- → P1
Summary: nsNSSComponent::VerifySignature leaks on errors → [FIX]nsNSSComponent::VerifySignature leaks on errors

    
    

    
  
Several suggestions about this patch:

1. I think you should ignore the return value from Update, and base your
decision entirely on the return value from Finish.  I do not know that it
can never be true that update returns an error bug finish also returns a
non-null value, so I think the assertion might conceivably hit.

2. You could replace the sequence of calls to the decoder (start, update, 
finish) with a single call to SEC_PKCS7DecodeItem().

3. NSS has an old PKCS7 decoder, and a new CMS decoder.  CMS is a major 
new revision of the old PKCS7 standard.  It allows signatures to contain a
superset of the things that were allowed in PKCS7.  AFAIK, the function 
being patched here is that last remaining use of the old PKCS7 decoder in 
mozilla.  All other calls have been converted to use the CMS decoder, IINM.
So, it might be good to start using the new NSS CMS decoder in this function,
rather than continuing to use the old PKCS7 decoder

However, the conversion may be non-trivial.  The CMS decoder function that 
is closest to SEC_PKCS7DecodeItem() is NSS_CMSMessage_CreateFromDER() 
(which should have been named FromBER).  So, the suggestion to convert to
the CMS decoder should probably be in another RFE.



    
    

    
  
Comment on attachment 146528 [details] [diff] [review]
Same as diff -b, FOR REVIEW ONLY

Yeah, item 3 sounds like a little more than I'm willing to do given my general
lack of knowledge in this code....  I'll work on doing item 2 (which obviates
item 1 if I read correctly).

        Attachment #146528 -
        Flags: superreview?(brendan)

    
    

    
  
Hmm.. Using SEC_PKCS7DecodeItem() means shoehorning my data into a SECItem,
which means converting my |const char*| to |unsigned char*|.  I guess I could
just reinterpret_cast it.... :(

    
    

    
  


  

        Attachment #146527 -
        Attachment is obsolete: true

        Attachment #146528 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 146632 [details] [diff] [review]
Same as diff -b, for review only

I went with siEncodedCertBuffer as the type, but that could well be totally
wrong.	If someone knows what the actual type is (not that SEC_PKCS7DecodeItem
cares), please tell me....

        Attachment #146632 -
        Flags: review?(jgmyers)

    
    

    
  
r=MisterSSL for the diffs between the two patches.  

There are very few places where si.type is used.  
I think you made the right choice.

    
  

        Attachment #146632 -
        Flags: review?(jgmyers) → review+

    
    

    
  
Comment on attachment 146632 [details] [diff] [review]
Same as diff -b, for review only

brendan, could you please sr?

        Attachment #146632 -
        Flags: superreview?(brendan)

    
    

    
  
Comment on attachment 146632 [details] [diff] [review]
Same as diff -b, for review only

sr=brendan@mozilla.org

/be

        Attachment #146632 -
        Flags: superreview?(brendan) → superreview+

    
    

    
  
Checked in on the trunk for Mozilla 1.8a.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

    
  
Product: PSM → Core
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: