Closed
Bug 283765
Opened 20 years ago
Closed 20 years ago
uninitialized memory read on NSSUsage structure
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: julien.pierre, Assigned: julien.pierre)
Details
Attachments
(2 files, 1 obsolete file)
|
1.99 KB,
patch
|
julien.pierre
:
review-
|
Details | Diff | Splinter Review |
|
5.33 KB,
patch
|
julien.pierre
:
review+
|
Details | Diff | Splinter Review |
The dbx check access feature found that there is code in Stan that reads an
uninitialized NSSUsage structure. It needs to be initialized from the caller in
pk11wrap. Patch forthcoming.
|
Assignee | |
Updated•20 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Comment 1•20 years ago
|
||
|
|
Assignee | |
Updated•20 years ago
|
Attachment #175624 -
Flags: review?(nelson)
|
||
Comment 2•20 years ago
|
||
Comment on attachment 175624 [details] [diff] [review]
initialize NSSUsage structure
NSSUsage is one of the new(er) Stan types. It is a multi-word struct that
takes the place of a value that was a single int before stan. There are
numerous problems with it, one of which is the cause of this bug. Here
are some of them:
1. NONE of the new stan functions that take pointers to NSSUsage declare
their arguments to be pointers to const, even though they make no changes
to the NSSUsage structs. This prevents the callers of those functions
from having static/global const values, which is what they should be.
Today, each function that passes an NSSUsage must create/initialize a
non-const copy before passing it. That's inefficient.
The members of an NSSUsage include two PRBools and an enum, which could
have been packed all into a PRUint32 (e.g. as bit-fields). That would
have eliminated all issues with const and with UMRs and would have been
considerably more efficient.
2. One of the members of NSSUsage is a PRBool named anyUsage. If non-zero,
it means "ignore all other members of this NSSUsage, and match any value".
This value should always be checked first in functions that use the values
of NSSUsages. If it is non-zero, the other values should not be loaded.
It *should* be valid to leave the other members of NSSUsage uninitialized
when anyUsage is true. But the function that experienced the UMR in this
case fetched every other member of the NSSUsage first, and checked anyYsage
last. If it had checked the value of anyUsage first, this UMR would not have
occurred. It never actually checks the values that it loaded first, but
loading them triggers the UMRs. Whatta waste.
A very large percentage of the memset calls done by NSS (directly or
indirectly) are for 16 bytes or less of memory. We want to reduce the
number of such memset calls, not increase them. So, I object to this
patch's use of memset to eliminate this pointless UMR.
Memset-free alternatives to eliminate this UMR include:
a) fix nss3certificate_matchUsage to not check/load the other members
of NSSUsage until after it has checked anyUsage and found it to to be
false. (In general, change it to not load members of argument structs
until they're needed, for efficiency.)
b) declare nss3certificate_matchUsage(),
nssCertificateArray_FindBestCertificate(), and nssDecodedCertStr.matchUsage()
to take pointers to CONST NSSUsage, then change PK11_FindCertFromNickname()
as follows:
- NSSUsage usage;
+ static const NSSUsage usage = {PR_TRUE };
- usage.anyUsage = PR_TRUE;
c) change PK11_FindCertFromNickname() as follows:
- NSSUsage usage;
+ static NSSUsage usage = {PR_TRUE };
- usage.anyUsage = PR_TRUE;
d) (least efficient) change PK11_FindCertFromNickname() as follows:
- NSSUsage usage;
+ static NSSUsage usage;
Attachment #175624 -
Flags: review?(nelson) → review-
|
|
||
Comment 3•20 years ago
|
||
This patch implements alternative a described above. It is untested.
|
|
||
Updated•20 years ago
|
Attachment #175673 -
Flags: review?(julien.pierre.bugs)
|
|
||
Comment 4•20 years ago
|
||
This patch implaments alternatives a and b. It builds without any new
warnings about const, but it is otherwise untested. I prefer this one.
Julien, please review. If you like alternatives a and/or b, and if they
solve the UMR, please feel free to commit either one.
|
|
||
Updated•20 years ago
|
Attachment #175624 -
Attachment is obsolete: true
Attachment #175677 -
Flags: review?(julien.pierre.bugs)
|
|
Assignee | |
Comment 5•20 years ago
|
||
Comment on attachment 175673 [details] [diff] [review]
alternative a
this patch is OK, but I like the other one better
Attachment #175673 -
Flags: review?(julien.pierre.bugs) → review-
|
|
Assignee | |
Comment 6•20 years ago
|
||
Comment on attachment 175677 [details] [diff] [review]
patch alternatives a + b
I have checked in this patch. I like the proper use of const - wish NSS did it
consistently .
Checking in pki3hack.c;
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.c,v <-- pki3hack.c
new revision: 1.86; previous revision: 1.85
done
Checking in pkibase.c;
/cvsroot/mozilla/security/nss/lib/pki/pkibase.c,v <-- pkibase.c
new revision: 1.25; previous revision: 1.24
done
Checking in pkim.h;
/cvsroot/mozilla/security/nss/lib/pki/pkim.h,v <-- pkim.h
new revision: 1.26; previous revision: 1.25
done
Checking in pkitm.h;
/cvsroot/mozilla/security/nss/lib/pki/pkitm.h,v <-- pkitm.h
new revision: 1.13; previous revision: 1.12
done
Attachment #175677 -
Flags: review?(julien.pierre.bugs) → review+
|
|
Assignee | |
Updated•20 years ago
|
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 7•20 years ago
|
||
I forgot to mention that I verified it solved UMR with dbx . This was happening
with certutil -V . In dbx you can do "check -all" to enable the access checking
feature, which reports UMRs .
You need to log in
before you can comment on or make changes to this bug.
Description
•