Klocwork IDs for ssl3con.c

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

1.85 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
ID:       93124
Function: ssl3_ComputeRecordMAC
Location: nss/lib/ssl/ssl3con.c : 1695

'pad_bytes' might be used uninitialized in this function.

1654		unsigned int       pad_bytes; 

1669		case ssl_hmac_md5: /* used with TLS */ 
1670		    hashObj = HASH_GetRawHashObject(HASH_AlgMD5); 
1671		    break; 

1684		if (!isTLS) { 

1695		    hashObj->update(write_mac_context, mac_pad_1, pad_bytes); 

This is a false positive, since ssl_hmac_md5 is only used with TLS, so 
the code cannot take the !isTLS path after using case ssl_hmac_md5.
But we could easily silence this complaint by initializing pad_bytes to 0.

----

ID 93125, 93126 and 93127
Function: getWrappingKey

At line 4038, Klocwork thinks that Ks, pubWrapKey and privWrapKey are 
all uninitialized at lines 4038-4040.  pubWrapKey and privWrapKey are 
initialized with zero at their declarations at lines 3946-3947.  
I have marked those two IDs as "not a problem", but want to record them 
here, along with the real issue, which is Ks.

3945	    PK11SymKey *      Ks; 
3946	    SECKEYPublicKey   *pubWrapKey = NULL; 
3947	    SECKEYPrivateKey  *privWrapKey = NULL; 
4038		if (privWrapKey) SECKEY_DestroyPrivateKey(privWrapKey); 
4039		if (pubWrapKey) SECKEY_DestroyPublicKey(pubWrapKey); 
4040		if (Ks) PK11_FreeSymKey(Ks);
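
Added example, not NSS code and not part of the bug report: a minimal C sketch of the two patterns described above, a variable assigned only on branches that correlate with a later condition (pad_bytes) and a pointer tested at a shared cleanup label (Ks). All type and function names are constructed stand-ins, and the early error path in wrap_demo is an assumption, since the report shows only the declaration and the cleanup lines.

```c
#include <stdlib.h>

/* Constructed stand-ins; none of these are NSS types or functions. */
typedef enum { mac_md5, mac_sha, hmac_md5, hmac_sha } mac_alg;
typedef struct { int unused; } sym_key;

static int live_keys;                 /* allocations not yet freed */
static sym_key *key_new(void)
{
    sym_key *k = calloc(1, sizeof *k);
    if (k) live_keys++;
    return k;
}
static void key_free(sym_key *k) { free(k); live_keys--; }

/* Pattern 1 (ID 93124): pad_bytes is assigned only for the SSL 3.0 MACs and
 * read only when !is_tls. The analyzer cannot prove "HMAC implies TLS", so it
 * flags the read. With "= 0", a broken invariant yields a zero-length pad
 * instead of an indeterminate length. */
unsigned int pad_len(mac_alg alg, int is_tls)
{
    unsigned int pad_bytes = 0;
    switch (alg) {
    case mac_md5:  pad_bytes = 48; break;   /* SSL 3.0 pad length for MD5 */
    case mac_sha:  pad_bytes = 40; break;   /* SSL 3.0 pad length for SHA-1 */
    case hmac_md5:
    case hmac_sha: break;                   /* TLS only, no SSL 3.0 pad */
    }
    return is_tls ? 0 : pad_bytes;
}

/* Pattern 2 (Ks): all exits share one cleanup label, so a pointer tested
 * there must stay NULL until it owns something. */
int wrap_demo(int fail_early)
{
    sym_key *ks = NULL;       /* without "= NULL" the early exit tests garbage */
    int rv = -1;
    if (fail_early) goto loser;             /* assumed early error path */
    ks = key_new();
    if (!ks) goto loser;
    rv = 0;
loser:
    if (ks) key_free(ks);
    return rv;
}

int main(void) { return (pad_len(hmac_md5, 0) == 0 && wrap_demo(1) == -1) ? 0 : 1; }
```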
(Assignee)

Comment 1

11 years ago
Created attachment 241124
fix as suggested
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241124 - Flags: review?(nelson)
(Reporter)

Comment 2

11 years ago
Comment on attachment 241124
fix as suggested

r=nelson
Attachment #241124 - Flags: review?(nelson) → review+
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Assignee)

Comment 3

11 years ago
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v  <--  ssl3con.c
new revision: 1.98; previous revision: 1.97
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
(Reporter)

Comment 4

11 years ago
*** Bug 339911 has been marked as a duplicate of this bug. ***