Closed
Bug 337099
Opened 19 years ago
Closed 19 years ago
Coverity Crash [@ PK11_ParamFromIV] Variable "iv" tracked as NULL was dereferenced.
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: timeless, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, crash, Whiteboard: [CID 299])
Crash Data
Attachments
(1 file)
|
1.45 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
|
||
Updated•19 years ago
|
Hardware: PC → All
Target Milestone: --- → 3.11.2
|
|
||
Updated•19 years ago
|
Priority: -- → P2
|
Assignee | |
Updated•19 years ago
|
Assignee: nobody → alexei.volkov.bugs
|
|
Assignee | |
Comment 1•19 years ago
|
||
Also check that len is not 0 since the len will be devided later in the "if"
Attachment #222754 -
Flags: review?(nelson)
|
|
||
Comment 2•19 years ago
|
||
Comment on attachment 222754 [details] [diff] [review]
set len to 0 if iv is a prt to NULL or is zero length
Alexei,
Please check the definition of mechanisms CKM_RC5_CBC and CKM_RC5_CBC_PAD.
IINM, they *require* a non-zero length IV (as all block ciphers should)
and so we should enforce that here rather than silently ignore it.
Also, please check the definition of mechanism CKM_RC5_ECB. IINM, ECB ciphers
never require (or use) an IV, so checking for an IV for that mechanism
(as the code now does) may be completely wrong.
The RC5 mechanisms could be a "special case" among block cipher mechanisms,
using IVs in unusual ways (ways dissimilar to other block ciphers).
But if it is not, we should correct our code to require IVs to be correct
(including absent, when necessary) for these block cipher mechanisms.
I'm withholding the review outcome pending that investigation.
|
|
||
Updated•19 years ago
|
Whiteboard: review is waiting for answers from patch author
|
|
||
Comment 3•19 years ago
|
||
Comment on attachment 222754 [details] [diff] [review]
set len to 0 if iv is a prt to NULL or is zero length
It's clear that NONE of the cases in this switch do any sanity checkin on their inputs. None of them require non-zero-length ivs for block cipher mechanisms. So I won't ask you to fix that for this coverity bug.
Attachment #222754 -
Flags: review?(nelson) → review+
|
|
||
Updated•19 years ago
|
Whiteboard: review is waiting for answers from patch author
|
|
Assignee | |
Updated•19 years ago
|
Whiteboard: [CID 299]
|
|
Assignee | |
Comment 4•19 years ago
|
||
tip
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v <-- pk11mech.c
new revision: 1.5; previous revision: 1.4
3.11 branch
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v <-- pk11mech.c
new revision: 1.4.2.1; previous revision: 1.4
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Updated•19 years ago
|
Summary: Crash [@ PK11_ParamFromIV] Variable "iv" tracked as NULL was dereferenced. → Coverity Crash [@ PK11_ParamFromIV] Variable "iv" tracked as NULL was dereferenced.
|
||
Updated•14 years ago
|
Crash Signature: [@ PK11_ParamFromIV]
You need to log in
before you can comment on or make changes to this bug.
Description
•