Closed
Bug 334459
Opened 19 years ago
Closed 19 years ago
Variable "cipherName" tracked as NULL was passed to a function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: timeless, Assigned: alvolkov.bgs)
Details
(Keywords: coverity, crash, Whiteboard: CID 202)
Attachments
(1 file)
826 bytes, patch | nelson: review+
found by coverity
Attachment #218797 -
Flags: review?(nelson)
Comment 2•19 years ago
Comment on attachment 218797
don't jump after looking
If cipherName is ever NULL here, there is a BIG flag elsewhere in the
SSL code. It would require that ss->sec.cipherType contain an invalid
value, outside of the range of the arrays ssl_cipherName and
ssl3_cipherName, which would indicate a coding error in libSSL.
This patch does avoid that crash, but it should be more aggressive.
We should put in an assertion that cipherName is not NULL.
So add one more line, right here.
>- if (cipherName && PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
PORT_Assert(cipherName);
>+ if (cipherName) {
>+ if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
>
>- if (cp) {
>- *cp = PORT_Strdup(cipherName);
>- }
>+ if (cp) {
>+ *cp = PORT_Strdup(cipherName);
>+ }
>+ }
>
> if (kp0) {
> *kp0 = ss->sec.keyBits;
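Review bot: With the new outer "if (cipherName) {" wrapping the "if (cp)" block, a NULL cipherName now leaves *cp unassigned whenever cp is non-NULL. Unless *cp is initialized above the lines shown here, a caller that later reads or frees the returned string would be working with an indeterminate pointer, which trades the crash in PORT_Strdup for a harder-to-find one in the caller. Consider an else branch that sets *cp = NULL (guarded by "if (cp)"), or confirm that the function clears *cp before this point. The added PORT_Assert(cipherName) suggested above fits best immediately before the guard, kept alongside it rather than replacing it.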
Attachment #218797 -
Flags: review?(nelson) → review+
Comment 3•19 years ago
> If cipherName is ever NULL here, there is a BIG flag elsewhere in the
Make that: a big BUG
Severity: critical → normal
OS: Linux → All
Priority: -- → P3
Hardware: PC → All
Updated•19 years ago
Target Milestone: --- → 3.11.1
Comment 4•19 years ago (Assignee)
tip:
/cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v <-- sslauth.c
new revision: 1.16; previous revision: 1.15
3.11 branch:
/cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v <-- sslauth.c
new revision: 1.15.2.1; previous revision: 1.15
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Updated•19 years ago (Assignee)
Assignee: nobody → alexei.volkov.bugs
Updated•14 years ago
Crash Signature: [@ PORT_Strdup - SSL_SecurityStatus]