Closed
Bug 263691
Opened 20 years ago
Closed 20 years ago
UMR in get_nss_trust
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: ajschult784, Assigned: nelson)
References
()
Details
Attachments
(1 file)
847 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
when loading a secure site (including bugzilla), valgrind complains about an uninitialized memory read in get_nss_trust: Conditional jump or move depends on uninitialised value(s) get_nss_trust (ckhelper.c:520) nssCryptokiTrust_GetAttributes (ckhelper.c:585) nssTrust_Create (certificate.c:1042) nssTrustDomain_FindTrustForCertificate (trustdomain.c:1236) nssTrust_GetCERTCertTrustForCert (pki3hack.c:586) fill_CERTCertificateFields (pki3hack.c:752) stan_GetCERTCertificate (pki3hack.c:805) STAN_GetCERTCertificate (pki3hack.c:829)
Comment 1•20 years ago
|
||
It's not immediately obvious to me how 'caTrust' may be used uninitialized, but it might be a good idea to initialize it to a reasonable initial value.
Assignee | ||
Comment 2•20 years ago
|
||
nssCryptokiTrust_GetAttributes calls nssToken_GetCachedObjectAttributes to fill in values into the 4 CK_TRUST variables saTrust, caTrust, epTrust, csTrust; and if that fails, nssCryptokiTrust_GetAttributes calls nssCKObject_GetAttributes to fill in the values for those variables. It is possible for nssCKObject_GetAttributes to return success even if some of those variables are not filled in by the PKCS11 module, because their attribute bytes are unrecognized. That would leave one or more of the variables uninitialized. I would say the code should either a) initialize all those variables with values that mean "no trust", or b) initialize all those variables with values that mean "invalid value", and then test all the variables for that value after the call, to find variables that were not filled in, and take some error action in that case. However, another question is, how does the trust object end up pointing to a slot that doesn't recognize all the different trust attributes?
Updated•20 years ago
|
Assignee: wchang0222 → nelson
Priority: -- → P1
Target Milestone: --- → 3.10
Assignee | ||
Comment 3•20 years ago
|
||
No way this is P1. No crash. Not even incorrect behavior documented.
Severity: major → normal
Priority: P1 → P2
Assignee | ||
Comment 4•20 years ago
|
||
Not platform dependent
OS: Linux → All
Hardware: PC → All
Version: unspecified → 3.9
Assignee | ||
Comment 5•20 years ago
|
||
Wan-Teh, please review.
Attachment #169492 -
Flags: review?(wtchang)
Assignee | ||
Updated•20 years ago
|
Status: NEW → ASSIGNED
Comment 6•20 years ago
|
||
Comment on attachment 169492 [details] [diff] [review] patch v1 r=wtc.
Attachment #169492 -
Flags: review?(wtchang) → review+
Assignee | ||
Comment 7•20 years ago
|
||
Thanks for the quick review! /cvsroot/mozilla/security/nss/lib/dev/ckhelper.c,v <-- ckhelper.c new revision: 1.32; previous revision: 1.31 done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•