Closed Bug 311590 Opened 20 years ago Closed 20 years ago

Uninitialized variable 'slot' in ssl3_HandleServerHello in ssl3con.c

Categories

(NSS :: Libraries, defect, P1)

3.11
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: wtc, Assigned: nelson)

Details

Attachments

(1 file)

When compiling revision 1.75 of ssl3con.c, I get this compiler warning: c:\nss-tip\mozilla\security\nss\lib\ssl\ssl3con.c(4254) : warning C4700: local v ariable 'slot' used without having been initialized
Priority: -- → P1
Target Milestone: --- → 3.11
This call is part of a block of code that says : /* We CAN restart a bypass session in a non-bypass socket. */ /* need to import the raw master secret to session object */ This code path has likely never been tested. The compiler is correct to warn, and the program will crash on this PK11_FreeSlot. IMO, we should either create a test case for this code path and add it to all.sh, or remove it altogether, as I'm not sure it is needed - we can probably get away with doing a full handshake instead of a restart.
Attached patch patch v1Splinter Review
The erroneous code in ssl3_HandleServerHello is almost identical to another block of code in ssl3_HandleClientHello, which works. So, this patch changes the former client code to behave the same as, and more closely resemble, the later server code.
Attachment #203342 - Flags: review?(wtchang)
Comment on attachment 203342 [details] [diff] [review] patch v1 Nelson, did you compile this code? 'slot' is now only declared in one of the blocks that use it.
Attachment #203342 - Flags: review?(wtchang) → review-
Comment on attachment 203342 [details] [diff] [review] patch v1 > } else { > /* We CAN restart a bypass session in a non-bypass socket. */ > /* need to import the raw master secret to session object */ >+ PK11SlotInfo *slot = PK11_GetInternalSlot(); Sorry, I thought this is an assignment statement, but it is a declaration with an initializer. r=wtc.
Attachment #203342 - Flags: review- → review+
Checking in ssl3con.c; /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v <-- ssl3con.c new revision: 1.76; previous revision: 1.75
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: