Uninitialized variable 'slot' in ssl3_HandleServerHello in ssl3con.c

RESOLVED FIXED in 3.11

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
13 years ago
11 years ago

People

(Reporter: Wan-Teh Chang, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
When compiling revision 1.75 of ssl3con.c, I get this compiler
warning:

c:\nss-tip\mozilla\security\nss\lib\ssl\ssl3con.c(4254) : warning C4700: local v
ariable 'slot' used without having been initialized
(Reporter)

Updated

13 years ago
Priority: -- → P1
Target Milestone: --- → 3.11

Comment 1

12 years ago
This call is part of a block of code that says :
	    /* We CAN restart a bypass session in a non-bypass socket. */
	    /* need to import the raw master secret to session object */

This code path has likely never been tested.
The compiler is correct to warn, and the program will crash on this PK11_FreeSlot.

IMO, we should either create a test case for this code path and add it to all.sh, or remove it altogether, as I'm not sure it is needed - we can probably get away with doing a full handshake instead of a restart.

(Assignee)

Comment 2

12 years ago
Created attachment 203342 [details] [diff] [review]
patch v1

The erroneous code in ssl3_HandleServerHello is almost identical to another 
block of code in ssl3_HandleClientHello, which works.  So, this patch changes
the former client code to behave the same as, and more closely resemble, the 
later server code.
Attachment #203342 - Flags: review?(wtchang)
(Reporter)

Comment 3

12 years ago
Comment on attachment 203342 [details] [diff] [review]
patch v1

Nelson, did you compile this code?  'slot' is
now only declared in one of the blocks that use
it.
Attachment #203342 - Flags: review?(wtchang) → review-
(Reporter)

Comment 4

12 years ago
Comment on attachment 203342 [details] [diff] [review]
patch v1

> 	} else {
> 	    /* We CAN restart a bypass session in a non-bypass socket. */
> 	    /* need to import the raw master secret to session object */
>+	    PK11SlotInfo *slot = PK11_GetInternalSlot();

Sorry, I thought this is an assignment statement, but
it is a declaration with an initializer.  r=wtc.
Attachment #203342 - Flags: review- → review+
(Assignee)

Comment 5

12 years ago
Checking in ssl3con.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v  <--  ssl3con.c
new revision: 1.76; previous revision: 1.75
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.