Closed
Bug 343682
Opened 18 years ago
Closed 18 years ago
crash in libcrmf with ecc
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.3
People
(Reporter: KaiE, Unassigned)
References
Details
Attachments
(2 files)
7.76 KB,
text/plain
|
Details | |
814 bytes,
patch
|
KaiE
:
review+
nelson
:
superreview+
|
Details | Diff | Splinter Review |
use 1.8 branch sources and apply patch v4 from bug 326159 and build firefox go to the test page http://kuix.de/misc/test3/crmf-ecc.php and click the first button (ec crmf dual-use) this crashes with the stack as shown in the attached text file
Reporter | ||
Comment 1•18 years ago
|
||
Comment 2•18 years ago
|
||
Untested patch: Index: crmfpop.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v retrieving revision 1.6 diff -u -r1.6 crmfpop.c --- crmfpop.c 22 May 2006 22:38:56 -0000 1.6 +++ crmfpop.c 5 Jul 2006 22:54:15 -0000 @@ -185,8 +185,8 @@ SECKEYPrivateKey *inKey, SECAlgorithmID *inAlgId) { - SECItem derCertReq; - SECItem certReqSig; + SECItem derCertReq = { siBuffer, NULL, 0 }; + SECItem certReqSig = { siBuffer, NULL, 0 }; SECStatus rv = SECSuccess; rv = crmf_encode_certreq(certReq, &derCertReq);
Reporter | ||
Comment 3•18 years ago
|
||
(In reply to comment #2) > Untested patch: > Index: crmfpop.c No luck with this patch, still crashes with same stack.
Reporter | ||
Comment 4•18 years ago
|
||
(In reply to comment #3) > > No luck with this patch, still crashes with same stack. Sorry, I made a mistake when testing the patch, it fixes the crash just fine, thanks Bob!
Reporter | ||
Comment 5•18 years ago
|
||
this is bob's patch from comment 2 r=kengert
Attachment #228318 -
Flags: review+
Comment 6•18 years ago
|
||
Comment on attachment 228318 [details] [diff] [review] Patch v1 I'm relieved to know that this patch fixes it. I spent a lot of time going over the code looking for another source of heap corruption, without finding any. Please check this patch in on the trunk and NSS_3_11_BRANCH, or, if you prefer, I will do so at your request.
Attachment #228318 -
Flags: superreview+
Reporter | ||
Comment 7•18 years ago
|
||
patch checked into trunk and 3.11 branch Checking in crmfpop.c; /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.7; previous revision: 1.6 done Checking in crmfpop.c; /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.3.28.4; previous revision: 1.3.28.3 done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 8•18 years ago
|
||
The SECItem derTemp in crmf_encode_popoprivkey may suffer from the same problem and should also be initialized.
Target Milestone: --- → 3.11.3
Reporter | ||
Comment 9•18 years ago
|
||
I filed bug 346551 for comment 8.
You need to log in
before you can comment on or make changes to this bug.
Description
•