Closed Bug 306795 Opened 19 years ago Closed 19 years ago

nsIX509CertDB::IsCertTrusted() can return bogus values

Categories

(Core :: Security: PSM, defect, P1)

PowerPC
macOS
defect

RESOLVED FIXED

People

(Reporter: sfraser_bugs, Assigned: KaiE)

Details

(Keywords: fixed1.8)

Attachments

(1 file)

I'm seeing nsIX509CertDB::IsCertTrusted() return bogus trusted values for certs
that I'm downloading (I guess I'm driving the APIs differently from Firefox).

Looking at the code, nsNSSCertificateDB::IsCertTrusted() is ignoring the return
value from CERT_GetCertTrust(), and so uses uninitialized bits of stack memory.

GetCertTrust() is failing because cert->trust is null.
This would seem to be fairly serious.
Flags: blocking1.8b4?
Priority: -- → P1
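
The failure mode reported above, as an added illustration; it is not the patch attached to this bug and not Mozilla or NSS code. The types, the flag value and `get_cert_trust()` are simplified stand-ins (assumptions) for the NSS pieces named in the report, and the `stale` parameter models leftover stack contents so the unchecked path is deterministic.

```cpp
#include <cstdio>

// Simplified stand-ins modelled on the names in the report.
// Assumptions for illustration, not the NSS definitions.
enum SECStatus { SECFailure = -1, SECSuccess = 0 };
struct CertTrust { unsigned sslFlags, emailFlags, objectSigningFlags; };
struct Cert { const CertTrust *trust; };   // null when no trust record is set
const unsigned TRUSTED_CA = 1u << 4;       // constructed flag value

// Stand-in for CERT_GetCertTrust(): fails, leaving *out untouched,
// when the certificate carries no trust record.
SECStatus get_cert_trust(const Cert *cert, CertTrust *out) {
    if (!cert || !cert->trust) return SECFailure;
    *out = *cert->trust;
    return SECSuccess;
}

// Pattern described in the report: the return value is ignored.
// `stale` models whatever bytes were already in the stack slot.
bool is_trusted_unchecked(const Cert *cert, CertTrust stale) {
    CertTrust t = stale;
    get_cert_trust(cert, &t);               // status dropped
    return (t.sslFlags & TRUSTED_CA) != 0;  // may test stale bits
}

// Hardened form: zero-initialise, check the status, fail closed.
bool is_trusted_checked(const Cert *cert) {
    CertTrust t = {0, 0, 0};
    if (get_cert_trust(cert, &t) != SECSuccess) return false;
    return (t.sslFlags & TRUSTED_CA) != 0;
}

int main() {
    Cert downloaded = { nullptr };          // no trust record yet
    CertTrust garbage = { 0xFFFFFFFFu, 0, 0 };
    CertTrust ca = { TRUSTED_CA, 0, 0 };
    Cert known = { &ca };
    std::printf("unchecked, no trust record: %d\n",
                is_trusted_unchecked(&downloaded, garbage));
    std::printf("checked,   no trust record: %d\n",
                is_trusted_checked(&downloaded));
    std::printf("checked,   trusted CA:      %d\n",
                is_trusted_checked(&known));
    return 0;
}
```
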
Attached patch: Patch
Attachment #194635 - Flags: superreview?(dougt)
Attachment #194635 - Flags: review?(rrelyea)
Attachment #194635 - Flags: superreview?(rrelyea)
Attachment #194635 - Flags: superreview?(dougt)
Attachment #194635 - Flags: review?(rrelyea)
Attachment #194635 - Flags: review+
Triage team: this looks very low risk, high reward.
Please checkin and verify on trunk.  Then ask for approval for branch checkin.
Flags: blocking1.8b4? → blocking1.8b5+
Comment on attachment 194635
Patch

Fortunately, I believe we only use this code in the UI for a Certificate
itself, but that doesn't mean it can't be set in the future. We should take
this patch into 1.85
r=relyea
Attachment #194635 - Flags: superreview?(rrelyea) → superreview+
Whiteboard: [has r+SR]
Comment on attachment 194635
Patch

Checked in on the trunk. Requesting branch approval; this is a very low-risk
fix.
Attachment #194635 - Flags: approval1.8b4?
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Whiteboard: [has r+SR]
Attachment #194635 - Flags: approval1.8b4? → approval1.8b4+
/cvsroot/mozilla/security/manager/ssl/src/nsNSSCertificateDB.cpp,v  <-- 
nsNSSCertificateDB.cpp
new revision: 1.15.20.1; previous revision: 1.15

Fixed on branch.
Keywords: fixed1.8