Closed Bug 276153 Opened 20 years ago Closed 19 years ago

Null values in NSS_Initialize cause NSS to crash

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.9.3
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: jason.m.reid, Unassigned)

Details

(Keywords: crash) 

Passing a null value to any of the first four arguments to NSS_Initialize
causes it to crash, segmentation fault. I am of the opinion, it should return
SECFailure instead.

The following code crashes NSS (from a initialization routines test work in
progress.)
        /* NSS_Initialize should neither crash nor succeed with NULL values */
        secStatus = NSS_Initialize(localDir, prefix, prefix, NULL, 0);
        if (secStatus == SECSuccess) {
                fprintf(stderr,
"ERROR: NSS_Initialize with last NULL value passed.\n");
                rv++;
        }
        secStatus = NSS_Initialize(localDir, prefix, NULL, NULL, 0);
        if (secStatus == SECSuccess) {
                fprintf(stderr,
"ERROR: NSS_Initialize with two last NULL values passed.\n");
                rv++;
        }
        secStatus = NSS_Initialize(localDir, NULL, NULL, NULL, 0);
        if (secStatus == SECSuccess) {
                fprintf(stderr,
"ERROR: NSS_Initialize with three last NULL values passed.\n");
                rv++;
        }
        secStatus = NSS_Initialize(NULL, NULL, NULL, NULL, 0);
        if (secStatus == SECSuccess) {
                fprintf(stderr,
"ERROR: NSS_Initialize with all NULL four values passed.\n");
                rv++;
        }

jmr@d-nwk12-124-76:~/work/nss/tests/Initialization> gdb init_tests
GNU gdb 5.3.92
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...
(gdb) run
Starting program: /home/jmr/work/nss/tests/Initialization/init_tests
[New Thread 16384 (LWP 3664)]
NSS is NOT initialized - expected
NSS_Shutdown without initialization passed
NSS_NoDB_Init(NULL) passed
NSS_Shutdown after NSS_NoDB_Init passed
NSS_NoDB_Init(localDir) passed - no databases created
NSS_Init(NULL) failed (expected)
NSS_InitReadWrite(localDir) passed
NSS_Init(localDir) passed
NSS_Initialize passed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 3664)]
0x40142243 in strlen () from /lib/i686/libc.so.6
(gdb) where
#0  0x40142243 in strlen () from /lib/i686/libc.so.6
#1  0x400287e9 in nss_FindExternalRootPaths (dbpath=0x8048d40 ".",
    secmodprefix=0x0, retoldpath=0xbffff07c, retnewpath=0xbffff080)
    at nssinit.c:310
#2  0x400289a1 in nss_FindExternalRoot (dbpath=0x8048d40 ".", secmodprefix=0x0)
    at nssinit.c:364
#3  0x40028c7e in nss_Init (configdir=0x8048d40 ".",
    certPrefix=0x8048d42 "toast", keyPrefix=0x8048d42 "toast", secmodName=0x0,
    readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=0,
    optimizeSpace=0) at nssinit.c:480
#4  0x40028d83 in NSS_Initialize (configdir=0x8048d40 ".",
    certPrefix=0x8048d42 "toast", keyPrefix=0x8048d42 "toast", secmodName=0x0,
    flags=0) at nssinit.c:528
#5  0x08048ad3 in main (argc=1, argv=0xbffff1b4) at init_tests.c:142
(gdb)
jmr@d-nwk12-124-76:~/work/nss/tests/Initialization> gdb init_tests
GNU gdb 5.3.92
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...
(gdb) run
Starting program: /home/jmr/work/nss/tests/Initialization/init_tests
[New Thread 16384 (LWP 3664)]
NSS is NOT initialized - expected
NSS_Shutdown without initialization passed
NSS_NoDB_Init(NULL) passed
NSS_Shutdown after NSS_NoDB_Init passed
NSS_NoDB_Init(localDir) passed - no databases created
NSS_Init(NULL) failed (expected)
NSS_InitReadWrite(localDir) passed
NSS_Init(localDir) passed
NSS_Initialize passed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 3664)]
0x40142243 in strlen () from /lib/i686/libc.so.6
(gdb) where
#0  0x40142243 in strlen () from /lib/i686/libc.so.6
#1  0x400287e9 in nss_FindExternalRootPaths (dbpath=0x8048d40 ".",
    secmodprefix=0x0, retoldpath=0xbffff07c, retnewpath=0xbffff080)
    at nssinit.c:310
#2  0x400289a1 in nss_FindExternalRoot (dbpath=0x8048d40 ".", secmodprefix=0x0)
    at nssinit.c:364
#3  0x40028c7e in nss_Init (configdir=0x8048d40 ".",
    certPrefix=0x8048d42 "toast", keyPrefix=0x8048d42 "toast", secmodName=0x0,
    readOnly=0, noCertDB=0, noModDB=0, forceOpen=0, noRootInit=0,
    optimizeSpace=0) at nssinit.c:480
#4  0x40028d83 in NSS_Initialize (configdir=0x8048d40 ".",
    certPrefix=0x8048d42 "toast", keyPrefix=0x8048d42 "toast", secmodName=0x0,
    flags=0) at nssinit.c:528
#5  0x08048ad3 in main (argc=1, argv=0xbffff1b4) at init_tests.c:142
(gdb)
Severity: normal → critical
Keywords: crash
Summary: null values in NSS_Initialize cause NSS to crash → Null values in NSS_Initialize cause NSS to crash
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Programmer is responsible that arguments passed are valid.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.