Closed
Bug 311590
Opened 19 years ago
Closed 19 years ago
Uninitialized variable 'slot' in ssl3_HandleServerHello in ssl3con.c
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: wtc, Assigned: nelson)
Details
Attachments
(1 file)
2.02 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
When compiling revision 1.75 of ssl3con.c, I get this compiler warning: c:\nss-tip\mozilla\security\nss\lib\ssl\ssl3con.c(4254) : warning C4700: local v ariable 'slot' used without having been initialized
Reporter | ||
Updated•19 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.11
Comment 1•19 years ago
|
||
This call is part of a block of code that says : /* We CAN restart a bypass session in a non-bypass socket. */ /* need to import the raw master secret to session object */ This code path has likely never been tested. The compiler is correct to warn, and the program will crash on this PK11_FreeSlot. IMO, we should either create a test case for this code path and add it to all.sh, or remove it altogether, as I'm not sure it is needed - we can probably get away with doing a full handshake instead of a restart.
Assignee | ||
Comment 2•19 years ago
|
||
The erroneous code in ssl3_HandleServerHello is almost identical to another block of code in ssl3_HandleClientHello, which works. So, this patch changes the former client code to behave the same as, and more closely resemble, the later server code.
Attachment #203342 -
Flags: review?(wtchang)
Reporter | ||
Comment 3•19 years ago
|
||
Comment on attachment 203342 [details] [diff] [review] patch v1 Nelson, did you compile this code? 'slot' is now only declared in one of the blocks that use it.
Attachment #203342 -
Flags: review?(wtchang) → review-
Reporter | ||
Comment 4•19 years ago
|
||
Comment on attachment 203342 [details] [diff] [review] patch v1 > } else { > /* We CAN restart a bypass session in a non-bypass socket. */ > /* need to import the raw master secret to session object */ >+ PK11SlotInfo *slot = PK11_GetInternalSlot(); Sorry, I thought this is an assignment statement, but it is a declaration with an initializer. r=wtc.
Attachment #203342 -
Flags: review- → review+
Assignee | ||
Comment 5•19 years ago
|
||
Checking in ssl3con.c; /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v <-- ssl3con.c new revision: 1.76; previous revision: 1.75
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•