Closed
Bug 337104
Opened 18 years ago
Closed 18 years ago
Coverity OOM Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable "ms" tracked as NULL was dereferenced.
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: timeless, Assigned: nelson)
Details
(Keywords: coverity, crash, Whiteboard: CIDs 442 443 444)
Crash Data
Attachments
(1 file)
4.88 KB,
patch
|
alvolkov.bgs
:
review+
|
Details | Diff | Splinter Review |
The code assumes that ss->sizeCipherSpecs implies ss->cipherSpecs or that ssl2_ConstructCipherSpecs can safely initialize ss->ciperSpecs which is false, the function can clearly return SECFailure.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: OOM? Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable "ms" tracked as NULL was dereferenced. → OOM Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable "ms" tracked as NULL was dereferenced.
Assignee | ||
Updated•18 years ago
|
Hardware: PC → All
Target Milestone: --- → 3.11.2
Assignee | ||
Updated•18 years ago
|
Priority: -- → P2
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → nelson
Assignee | ||
Comment 1•18 years ago
|
||
Timeless, this bug summary claims to be about two functions whose names start wtih ssl2_, none of which are in the file ssl3con.c. But the URL given for this bug, http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.88&mark=1769-1770,1773,1775,1776,1777,1830-1831,1834-1835,1838-1841,1843,1858,1859,1860#1769 is for a function named ssl3_CompressMACEncryptRecord in ssl3con.c So this begs several questions. which of these is this bug really supposed to be about? Is there another bug for the other one? I will proceed assuming that this bug is really about the functions named in the bug summary (unless that proves to be a dead end). If you need to file another bug about the URL given above, please do so, but be sure to explain what's wrong with that URL.
sorry, i'm currently in amsterdam, it's quite possible i lost a bug while trying to file these. even if i weren't, i wouldn't really recall much more about these bugs, although i suppose i could ask coverity what bug# i claimed for the functions in the original summary. i'll see about maybe doing that on tuesday at the earliest :(.
Assignee | ||
Comment 3•18 years ago
|
||
Eliminating unrelated bug URL, and replacing it with these two URLs http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslcon.c&rev=1.30&mark=1767-1769,1773,1775#1752 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslcon.c&rev=1.30&mark=1828-1830,1857,1866#1827 which I derived from the bug summary.
Assignee | ||
Comment 4•18 years ago
|
||
OK, it'a apparent now that the old URL simply had the wrong file name in it. The new URL is the right one.
Assignee | ||
Comment 5•18 years ago
|
||
This patch fixes two bugs (which were both about the same source file and even about the same function).
Attachment #222570 -
Flags: review?(alexei.volkov.bugs)
Comment 6•18 years ago
|
||
Comment on attachment 222570 [details] [diff] [review] patch for bug 337104 and bug 337105, v1 r=alexei
Attachment #222570 -
Flags: review?(alexei.volkov.bugs) → review+
Assignee | ||
Updated•18 years ago
|
Whiteboard: CID 442 & 443
Assignee | ||
Comment 7•18 years ago
|
||
Checking in sslcon.c; new revision: 1.31; previous revision: 1.30 Checking in sslcon.c; new revision: 1.28.2.3; previous revision: 1.28.2.2
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•18 years ago
|
Summary: OOM Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable "ms" tracked as NULL was dereferenced. → Coverity OOM Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable "ms" tracked as NULL was dereferenced.
Updated•13 years ago
|
Crash Signature: [@ ssl2_QualifyCypherSpecs]
[@ ssl2_ChooseSessionCypher]
You need to log in
before you can comment on or make changes to this bug.
Description
•