Closed
Bug 281761
Opened 20 years ago
Closed 20 years ago
VFY_CreateContext passes wrong key object to DecryptSigBlock
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: julien.pierre, Assigned: julien.pierre)
Details
Attachments
(1 file)
|
2.27 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
|
Assignee | |
Comment 1•20 years ago
|
||
secvfy.c contains the following code :
case rsaKey:
cx->type = VFY_RSA;
cx->key = SECKEY_CopyPublicKey(key); /* extra safety precautions */
if (sig) {
int hashid = 0;
rv = DecryptSigBlock(&hashid, &cx->digest[0],
key, sig, (char*)wincx);
cx->alg = hashid;
} else {
rv = decodeSigAlg(algid,&cx->alg);
}
This is incorrect. Why make a copy of the key object by precaution, and then
pass the original key object to DecryptSigBlock ?
The consequences of this mistake is that the original key object gets modified
underneath (the PKCS11 slot and object id get set) on the input key, rather than
the copied key .
Summary: VFY_CreateContext p wrong key object for → VFY_CreateContext p wrong key object for
|
|
Assignee | |
Updated•20 years ago
|
Summary: VFY_CreateContext p wrong key object for → VFY_CreateContext passes wrong key object to DecryptSigBlock
|
|
Assignee | |
Comment 2•20 years ago
|
||
1) pass the correct publickey to DecryptSigBlock from VFY_CreateContext Also, some minor code cleanup : 2) in DecryptSigBlock, remove unneeded dsig variable, and allocation/deallocation of it 3) change type of hashid to SECOidTag instead of int 4) initialize hashid to SEC_OID_UNKNOWN, in case DecryptSigBlock fails . (the last two problems occurred twice in the file)
|
|
Assignee | |
Updated•20 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Updated•20 years ago
|
Attachment #173933 -
Flags: review?(nelson)
|
||
Comment 3•20 years ago
|
||
Comment on attachment 173933 [details] [diff] [review] minor fixes r=nelson How I wish that NSS functions would routinely declare suppsedly-unmodified arguments with const. If NSS did that, the compiler would have found this bug long ago.
Attachment #173933 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 4•20 years ago
|
||
Thanks, Nelson. I checked this patch in to the tip for NSS 3.10 . Checking in secvfy.c; /cvsroot/mozilla/security/nss/lib/cryptohi/secvfy.c,v <-- secvfy.c new revision: 1.13; previous revision: 1.12
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•