Closed Bug 345941 Opened 19 years ago Closed 19 years ago

use of uninitialized data in fipstest

Categories

(NSS :: Test, defect, P3)

Product:
NSS
Component:
Test
Version:
3.11.2
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wolfiR, Assigned: glenbeasley)

Details

Attachments

(2 files)

Proposed patch
926 bytes, patch
glenbeasley
: review+
Details | Diff | Splinter Review
Fix sha_test, too
955 bytes, patch
wolfiR
: review+
Details | Diff | Splinter Review
This is a minor thing I think but my compiler is complaining: fipstest.c (hmac_test()) FILE *req; /* input stream from the REQUEST file */ if (buf == NULL) { goto loser; } if (msg == NULL) { goto loser; } req = fopen(reqfn, "r"); loser: fclose(req); So the code may try to close req which could be a random pointer. I saw this with 3.11.2.
FILE *req = NULL; should be fine obviously.
There are two files in NSS named fipstest.c Presumably this bug is citing http://lxr.mozilla.org/security/source/security/nss/cmd/fipstest/fipstest.c#3077 which Glen added last December.
Assignee: nobody → glen.beasley
Attached patch Proposed patchSplinter Review
Wolfgang, did your compilar only warn about this uninitialized variable? GCC should warn about several other variables that may be unused uninitialized in this file. All these warnings are benign for the purposes of this file (a special-purpose test program). We need to not only initialize 'req' to NULL but also check for a NULL 'req' before passing it to fclose.
Attachment #230824 - Flags: review?(glen.beasley)
Severity: normal → trivial
Priority: -- → P3
Target Milestone: --- → 3.12
Attachment #230824 - Flags: review?(glen.beasley) → review+
(In reply to comment #3) > Wolfgang, did your compilar only warn about this uninitialized > variable? GCC should warn about several other variables that > may be unused uninitialized in this file. All these warnings > are benign for the purposes of this file (a special-purpose > test program). The difference between this case is that the compiler complains that this variable *is* used uninitialized and the others *may* be used uninitialized. So I'm fine with this change for now, thanks ;-)
That is not what I see. gcc version 3.4.4 20050721 (Red Hat 3.4.4-2) on Red Hat Enterprise Linux AS release 4 (Nahant Update 2) x86_64 says: gcc -o Linux2.6_x86_64_glibc_PTH_64_OPT.OBJ/fipstest.o -c -O2 -fPIC -DLINUX1_2 - D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall -Werror-implicit-function-declaration -pi pe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DXP_UNIX -UDEB UG -DNDEBUG -D_REENTRANT -I../../../../dist/Linux2.6_x86_64_glibc_PTH_64_OPT.OBJ /include -I../../../../dist/public/nss -I../../../../dist/private/nss fipstest .c fipstest.c: In function `tdea_kat_mmt': fipstest.c:324: warning: 'mode' might be used uninitialized in this function fipstest.c: In function `aes_kat_mmt': fipstest.c:1033: warning: 'mode' might be used uninitialized in this function fipstest.c:1036: warning: 'keysize' might be used uninitialized in this function fipstest.c: In function `aes_ecb_mct': fipstest.c:1233: warning: 'keysize' might be used uninitialized in this function fipstest.c: In function `aes_cbc_mct': fipstest.c:1516: warning: 'keysize' might be used uninitialized in this function fipstest.c: In function `rng_vst': fipstest.c:2590: warning: 'b' might be used uninitialized in this function fipstest.c: In function `rng_mct': fipstest.c:2713: warning: 'b' might be used uninitialized in this function fipstest.c: In function `sha_test': fipstest.c:2911: warning: 'MDlen' might be used uninitialized in this function fipstest.c:2912: warning: 'msgLen' might be used uninitialized in this function fipstest.c:2919: warning: 'req' might be used uninitialized in this function fipstest.c: In function `hmac_test': fipstest.c:3082: warning: 'keyLen' might be used uninitialized in this function fipstest.c:3087: warning: 'HMACLen' might be used uninitialized in this function fipstest.c:3089: warning: 'hash_alg' might be used uninitialized in this functio n fipstest.c:3091: warning: 'req' might be used uninitialized in this function fipstest.c: In function `dsa_pqggen_test': fipstest.c:3528: warning: 'keySizeIndex' might be used uninitialized in this fun ction I checked in the patch on the NSS trunk for NSS 3.12. Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.29; previous revision: 1.28 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
(In reply to comment #5) > That is not what I see. gcc version 3.4.4 20050721 (Red Hat 3.4.4-2) > on Red Hat Enterprise Linux AS release 4 (Nahant Update 2) x86_64 says: gcc 4.1.2pre says: gcc -o Linux2.6_x86_glibc_PTH_OPT.OBJ/fipstest.o -c -O2 -march=i586 -mtune=i686 -fmessage-length=0 -Wall -D_FORTIFY_SOURCE= 2 -g -fno-strict-aliasing -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall -pipe -DLINUX -Dlinux -D_POSIX_SO URCE -D_BSD_SOURCE -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -I/usr/include/nspr4 -I../../../../dist/Linux2.6 _x86_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss fipstest.c fipstest.c: In function 'tdea_kat_mmt': fipstest.c:324: warning: 'mode' may be used uninitialized in this function fipstest.c: In function 'aes_kat_mmt': fipstest.c:1036: warning: 'keysize' may be used uninitialized in this function fipstest.c:1033: warning: 'mode' may be used uninitialized in this function fipstest.c: In function 'aes_ecb_mct': fipstest.c:1233: warning: 'keysize' may be used uninitialized in this function fipstest.c: In function 'aes_cbc_mct': fipstest.c:1516: warning: 'keysize' may be used uninitialized in this function fipstest.c: In function 'dsa_pqggen_test': fipstest.c:3528: warning: 'keySizeIndex' may be used uninitialized in this function fipstest.c: In function 'rng_vst': fipstest.c:2590: warning: 'b' may be used uninitialized in this function fipstest.c: In function 'rng_mct': fipstest.c:2713: warning: 'b' may be used uninitialized in this function fipstest.c: In function 'hmac_test': fipstest.c:3204: warning: 'req' is used uninitialized in this function fipstest.c:3089: warning: 'hash_alg' may be used uninitialized in this function fipstest.c:3087: warning: 'HMACLen' may be used uninitialized in this function fipstest.c:3082: warning: 'keyLen' may be used uninitialized in this function fipstest.c: In function 'sha_test': fipstest.c:3016: warning: 'req' is used uninitialized in this function fipstest.c:2912: warning: 'msgLen' may be used uninitialized in this function fipstest.c:2911: warning: 'MDlen' may be used uninitialized in this function And looking at that output shows that I've overseen the other occurence of the same thing in sha_test()
Wolfgang, could you review and test this patch, see if it fixes that compilar warning in sha_test? Thanks.
Attachment #231010 - Flags: review?(mozilla)
Comment on attachment 231010 [details] [diff] [review] Fix sha_test, too only "may be used uninitialized" is left in compiler output
Attachment #231010 - Flags: review?(mozilla) → review+
Comment on attachment 231010 [details] [diff] [review] Fix sha_test, too I checked in the patch "fix sha_test, too" on the NSS trunk for NSS 3.12. Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.30; previous revision: 1.29 done
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: