Closed
Bug 337010
Opened 18 years ago
Closed 18 years ago
OOM crash [@ NSC_DigestKey] Dereferencing possibly NULL "att"
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: timeless, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, crash, Whiteboard: FIPS [CID 533])
Crash Data
Attachments
(2 files, 1 obsolete file)
993 bytes,
patch
|
wtc
:
review+
nelson
:
superreview+
|
Details | Diff | Splinter Review |
1.05 KB,
patch
|
nelson
:
review+
wtc
:
superreview+
|
Details | Diff | Splinter Review |
Event returned_null: Function "sftk_FindAttribute" returned NULL value (checked 62 out of 65 times) [model]
Updated•18 years ago
|
Hardware: PC → All
Target Milestone: --- → 3.11.2
Updated•18 years ago
|
Priority: -- → P2
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → alexei.volkov.bugs
Assignee | ||
Updated•18 years ago
|
Whiteboard: FIPS
Assignee | ||
Comment 1•18 years ago
|
||
Attachment #222397 -
Flags: review?(nelson)
Comment 2•18 years ago
|
||
The original URL given for this bug was for a different function, in a different source file, than the function named in the bug "summary". I guess we can go forward by relying on the bug summary alone. :/
Comment 3•18 years ago
|
||
Comment on attachment 222397 [details] [diff] [review] return error core if att is null Alexei, I think you attached the wrong patch to this bug. This bug complains about the following code in NSC_DigestKey: 5826 /* get the key value */ 5827 att = sftk_FindAttribute(key,CKA_VALUE); complaint is that att could be NULL here. 5828 sftk_FreeObject(key); 5829 5830 crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue, 5831 att->attrib.ulValueLen); 5832 sftk_FreeAttribute(att);
Attachment #222397 -
Flags: review?(nelson) → review-
Comment 4•18 years ago
|
||
Comment on attachment 222397 [details] [diff] [review] return error core if att is null Oh, wait, I see this patch has two parts, one of which is irrelevant to this bug, and a second part that is relevant. r=nelson for the part in lib/softoken/pkcs11c.c
Attachment #222397 -
Flags: review- → review+
Comment 5•18 years ago
|
||
Comment on attachment 222397 [details] [diff] [review] return error core if att is null Asking Bob Relyea for second review on this softoken change. Bob, this is a coverity bug.
Attachment #222397 -
Flags: superreview?(rrelyea)
Assignee | ||
Comment 6•18 years ago
|
||
Thanks, Nelson. I had some other changes in the directory. Will try to keep them separate next time.
Comment 7•18 years ago
|
||
Changing the URL to a bonsai link, which will never "expire" (contrary to LXR links that may become useless if the source file changes).
Updated•18 years ago
|
Attachment #222397 -
Flags: review?(wtchang)
Comment 8•18 years ago
|
||
Comment on attachment 222397 [details] [diff] [review] return error core if att is null r=wtc for the change to lib/softoken/pkcs11c.c in this patch. I suggest that you return the error code CKR_KEY_INDIGESTIBLE instead of CKR_KEY_HANDLE_INVALID. This function returns CKR_KEY_TYPE_INCONSISTENT if key->objclass != CKO_SECRET_KEY. But CKR_KEY_TYPE_INCONSISTENT isn't a documented return value of C_DigestKey. I think we should also return CKR_KEY_INDIGESTIBLE or CKR_KEY_HANDLE_INVALID in that case. PKCS #11 v2.20 says: CKR_KEY_HANDLE_INVALID: The specified key handle is not valid. It may be the case that the specifie handle is a valid handle for an object which is not a key. We reiterate here that 0 is never a valid key handle. CKR_KEY_INDIGESTIBLE: This error code can only be returned by C_DigestKey. It indicates that the value of the specified key cannot be digested for some reason (perhaps the key isn't a secret key, or perhaps the token simply can't digest this kind of key).
Attachment #222397 -
Flags: review?(wtchang) → review+
Assignee | ||
Comment 9•18 years ago
|
||
Patch is modified to return CKR_KEY_INDIGESTIBLE. Didn't replace CKR_KEY_TYPE_INCONSISTENT as it requires multiple function modification in the file. Updated the whiteboard with "more work needed" keyword for future refs. trunk: /cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c new revision: 1.83; previous revision: 1.82 3.11 branch: /cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c new revision: 1.68.2.13; previous revision: 1.68.2.12
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Whiteboard: FIPS → FIPS "more work needed"
Assignee | ||
Comment 10•18 years ago
|
||
reopen the bug to prevent make it go off a radar.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 11•18 years ago
|
||
Alexei, your comment 9 above says "Patch is modified to return CKR_KEY_INDIGESTIBLE.", but your checkin to lib/softoken/pkcs11c.c still returns CKR_KEY_HANDLE_INVALID.
Comment 12•18 years ago
|
||
Wan-Teh, is this what you hand in mind?
Attachment #222578 -
Flags: review?(wtchang)
Comment 13•18 years ago
|
||
Comment on attachment 222578 [details] [diff] [review] change CKR values returned by NSC_DigestKey r=wtc. Yes, this is what I had in mind, except that I'm not sure if we should return CKR_KEY_HANDLE_INVALID instead in the key->objclass != CKO_SECRET_KEY case.
Attachment #222578 -
Flags: review?(wtchang) → review+
Assignee | ||
Comment 14•18 years ago
|
||
I'd like to get your suggestion on what to do with the rest of places in pkcs11c.c where we return CKR_KEY_TYPE_INCONSISTENT. For example: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/softoken/pkcs11c.c&rev=1.81&mark=3987,3957,3958,3959,3960#3945 Nelson wrote: We should make sure that CKR_KEY_INDIGESTIBLE gets transdlated into a reasonable error code. Well, we don't translate CKR_KEY_INDIGESTIBLE. And I guess we should not do so, as it is the defined API error code. But CKR_KEY_TYPE_INCONSISTENT does get translated: pk11err.c:91: MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
Attachment #222397 -
Attachment is obsolete: true
Attachment #222745 -
Flags: superreview?(wtchang)
Attachment #222745 -
Flags: review?(nelson)
Attachment #222397 -
Flags: superreview?(rrelyea)
Comment 15•18 years ago
|
||
Comment on attachment 222745 [details] [diff] [review] changes according wtc comment r=wtc. By the way, I'm having second thoughts about this change: /* get the key value */ att = sftk_FindAttribute(key,CKA_VALUE); sftk_FreeObject(key); if (!att) { - return CKR_KEY_HANDLE_INVALID; + return CKR_KEY_INDIGESTIBLE; } It seems that CKR_KEY_HANDLE_INVALID is also a reasonable error code there. Bob, what do you think? I think we should map CKR_KEY_INDIGESTIBLE. If we don't have a good error code, let's just map it to the closest error code for now. Even SEC_ERROR_INVALID_KEY would be much better than the default error code SEC_ERROR_IO. You don't need to review the other places where we return CKR_KEY_TYPE_INCONSISTENT. They may not be wrong. The error codes that may be returned by each PKCS #11 C_xxx function are documented in PKCS #11 v2.20, so you can consult it to see if CKR_KEY_TYPE_INCONSISTENT is a possible error code for each of those functions. You asked about NSC_WrapKey. PKCS #11 v2.20 says C_WrapKey does not return CKR_KEY_TYPE_INCONSISTENT. So perhaps we should return CKR_KEY_NOT_WRAPPABLE or CKR_KEY_HANDLE_INVALID instead.
Attachment #222745 -
Flags: superreview?(wtchang) → superreview+
Comment 16•18 years ago
|
||
In reply to comment 15, CKR_KEY_HANDLE_INVALID means the handle is not a valid object handle for any key type object in the module. If a program gets an object handle from C_FindObjects, with a template that specifies a key object, then that application should not subsequently get CKR_KEY_HANDLE_INVALID when it attempts to use the handle that was givien to it by C_FindObjects. A key object without a CKA_VALUE attribute is a malformed object, but that does not make the handle invalid.
Comment 17•18 years ago
|
||
Comment on attachment 222745 [details] [diff] [review] changes according wtc comment I can live with either of the two patches to pkcs11c.c that are attached to this bug. I would prefer the other one to this one.
Attachment #222745 -
Flags: review?(nelson) → review+
Comment 18•18 years ago
|
||
Comment on attachment 222578 [details] [diff] [review] change CKR values returned by NSC_DigestKey Since this patch was suggested by Wan-Teh, I will give it r+ (even though I attached it)
Attachment #222578 -
Flags: superreview+
Comment 20•18 years ago
|
||
CID 533
Whiteboard: FIPS "more work needed" → FIPS "more work needed" [CID 533]
Assignee | ||
Comment 21•18 years ago
|
||
Closing the bug as fixed. I've with pkcs11 2.20: KEY_TYPE_INCONSISTENT can be returned by C_WrapKey: CKR_WRAPPING_KEY_TYPE_INCONSISTENT: This value can only be returned by C_WrapKey. It indicates that the type of the key specified to wrap another key is not consistent with the mechanism specified for wrapping.
Status: REOPENED → RESOLVED
Closed: 18 years ago → 18 years ago
Resolution: --- → FIXED
Comment 22•18 years ago
|
||
removing "more work needed" from status whiteboard, since this bug is now marked resolved/fixed
Whiteboard: FIPS "more work needed" [CID 533] → FIPS [CID 533]
Updated•13 years ago
|
Crash Signature: [@ NSC_DigestKey]
You need to log in
before you can comment on or make changes to this bug.
Description
•