Closed
Bug 303116
Opened 20 years ago
Closed 20 years ago
Two off-by-one errors in lib/freebl/ecl
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(4 files)
|
799 bytes,
patch
|
douglas
:
review+
|
Details | Diff | Splinter Review |
|
735 bytes,
patch
|
douglas
:
review+
|
Details | Diff | Splinter Review |
|
1.32 KB,
patch
|
douglas
:
review-
|
Details | Diff | Splinter Review |
|
563 bytes,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
I found two off-by-one errors in our ECC code in
mozilla/security/nss/lib/freebl/ecl. I will attach
patches to show where they are.
|
Assignee | |
Comment 1•20 years ago
|
||
Here is a common bug that the duplicate string buffer
doesn't have room for the terminating null byte. The
code also may call strcpy on a NULL group->text buffer.
I fixed it by using the strdup function.
Attachment #191368 -
Flags: review?(vipul.gupta)
|
|
Assignee | |
Comment 2•20 years ago
|
||
I don't know how to fix this off-by-one error.
The correct fix depends on whether the 'naf' array
should have orderBitSize or orderBitSize+1 elements.
The code in ec_GFp_pt_mul_jm_wNAF and ec_compute_wNAF
uses the 'naf' array with indices 0...orderBitSize, which
is why I guess the 'naf' array should have orderBitSize+1
elements. But it is also possible that the code in those
two functions should use the 'naf' array with indices
0...orderBitSize-1 (most C arrays are used this way), in
which case the array would have orderBitSize elements.
Vipul, Douglas, please advise.
Attachment #191369 -
Flags: review?(vipul.gupta)
|
|
Assignee | |
Comment 3•20 years ago
|
||
If the 'naf' array should have orderBitSize elements,
then this is the right fix.
|
|
Assignee | |
Comment 4•20 years ago
|
||
<strings.h> includes <string.h> and declares additional
BSD Unix functions: bcmp, bcopy, bzero, index, rindex, ffs,
strcasecmp, and strncasecmp.
ecl_mult.c doesn't use any of these BSD Unix functions and
doesn't even use any of the str* and mem* functions declared
in <string.h>. So the <strings.h> include can simply be removed.
This patch is required to build with ECC on Windows.
Attachment #191375 -
Flags: review?(rrelyea)
|
||
Comment 5•20 years ago
|
||
Douglas will start another internship at Sun on Mon, Aug 8
and he'd be the best person to answer questions about the
code in the ecl subdirectory.
vipul
(In reply to comment #3)
> Created an attachment (id=191371) [edit]
> Off-by-one error in the NAF buffer, alternative patch
>
> If the 'naf' array should have orderBitSize elements,
> then this is the right fix.
|
|
Assignee | |
Updated•20 years ago
|
Attachment #191368 -
Flags: review?(vipul.gupta) → review?(mozilla.org)
|
|
Assignee | |
Updated•20 years ago
|
Attachment #191369 -
Flags: review?(vipul.gupta) → review?(mozilla.org)
|
||
Updated•20 years ago
|
Attachment #191368 -
Flags: review?(mozilla.org) → review+
|
||
Updated•20 years ago
|
Attachment #191375 -
Flags: review?(rrelyea) → review+
|
|
||
Comment 6•20 years ago
|
||
Comment on attachment 191371 [details] [diff] [review]
Off-by-one error in the NAF buffer, alternative patch
Patch causes ecp_test to fail. The values of point multiplication are changed
by the changing of the size of the for loop in the patch to ecp_jm.c giving
incorrect results.
Attachment #191371 -
Flags: review-
|
|
||
Comment 7•20 years ago
|
||
Comment on attachment 191369 [details] [diff] [review]
Off-by-one error in the NAF buffer
Appears to correct the off-by-one error. Tests in .../freebl/ecl/tests passed.
This patch should be used instead of the alternate patch #191371.
Attachment #191369 -
Flags: review?(douglas) → review+
|
|
Assignee | |
Comment 8•20 years ago
|
||
Thanks a lot for the code review, Douglas and Bob.
I checked in the three reviewed patches on the NSS
trunk for NSS 3.11.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.11
You need to log in
before you can comment on or make changes to this bug.
Description
•