Closed Bug 381718 Opened 17 years ago Closed 17 years ago

Bug in PK11_ListPrivKeysInSlot

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

RESOLVED FIXED
3.11.8

People

(Reporter: t8m, Assigned: julien.pierre)

Attachments

(1 file)

There is a mistake in PK11_ListPrivKeysInSlot that makes it fail to find private keys by nickname:

    if (nickname) {
        len = PORT_Strlen(nickname)-1;
        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); attrs++;
    }

In the code above the -1 should be removed.

The -1 is a bug (and I think there may be another bug about that already),
but private key objects typically don't have useful CKA_LABELs.
This is because keys are generated well before the certs are available
and the nicknames are generally derived from the cert contents.
So, by the time the cert arrives, the priv key is already created without
a useful nickname.

If you look at how other NSS programs find private keys from nicknames,
you'll notice that they find a cert object with the nickname, and then find
the private key object whose CKA_ID matches the CKA_ID of the cert.
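
The two points made above, as an added example that is not NSS code and not part of the original bug: a label passed with a length one byte short never matches, and a key with no useful label is reached through the cert that shares its CKA_ID. It assumes the token compares attribute length and bytes exactly; `toy_object`, `token`, `find_key_by_label` and `find_key_via_cert` are hypothetical names, and the token contents are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Toy model of a token object: only the attributes this bug involves. */
typedef struct {
    int is_private_key;                   /* stands in for CKA_CLASS */
    const char *label; size_t label_len;  /* CKA_LABEL bytes and length */
    const char *id;    size_t id_len;     /* CKA_ID bytes and length */
} toy_object;

/* Constructed sample token: a cert with a nickname, its key with an empty
 * label but the same CKA_ID, and an SSH-style key that does carry a label. */
static const toy_object token[] = {
    { 0, "server-cert", 11, "\x01\x02", 2 },
    { 1, "",             0, "\x01\x02", 2 },
    { 1, "ssh-key",      7, "\x0a\x0b", 2 },
};
#define N_OBJECTS (sizeof token / sizeof token[0])

/* Template-style match (assumption): same length and same bytes. */
static int attr_equal(const char *a, size_t alen, const char *b, size_t blen)
{
    return alen == blen && memcmp(a, b, alen) == 0;
}

/* Index of the first private key whose label matches, or -1. */
int find_key_by_label(const char *nickname, size_t len)
{
    for (size_t i = 0; i < N_OBJECTS; i++)
        if (token[i].is_private_key &&
            attr_equal(token[i].label, token[i].label_len, nickname, len))
            return (int)i;
    return -1;
}

/* Index of the private key sharing CKA_ID with the named cert, or -1. */
int find_key_via_cert(const char *nickname)
{
    size_t n = strlen(nickname);
    for (size_t c = 0; c < N_OBJECTS; c++) {
        if (token[c].is_private_key ||
            !attr_equal(token[c].label, token[c].label_len, nickname, n))
            continue;
        for (size_t k = 0; k < N_OBJECTS; k++)
            if (token[k].is_private_key && attr_equal(token[k].id,
                    token[k].id_len, token[c].id, token[c].id_len))
                return (int)k;
    }
    return -1;
}
```
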

I'm using NSS for ssh keys, and certs are meaningless there, but I know about the problem you wrote and I'll work around it some way or another.

Nelson, should we go ahead and fix the bug?

Do you want me to attach a patch?

This bug is a duplicate of Bug 353714, which notes that there are other
problems with that function than merely this one off-by-one issue.

Kai and Tom, feel free to attach a patch (or patches) to Bug 353714 
that address the issues reported there.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
I'd rather leave this bug for the off-by-one issue, as the other bug mentions other issues which I don't know about.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment on attachment 265930
Patch for the off-by-one for ListPubKeys and ListPrivKeys functions

r=wtc.
Attachment #265930 - Flags: review+
Comment on attachment 265930
Patch for the off-by-one for ListPubKeys and ListPrivKeys functions

r+ for the 3.11 branch once it opens again.
Attachment #265930 - Flags: superreview+
Fixed on the trunk:

Checking in pk11akey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.18; previous revision: 1.17
done

And on the NSS_3_11_BRANCH:

Checking in pk11akey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.9.2.7; previous revision: 1.9.2.6
done
Assignee: nobody → julien.pierre.boogz
Status: REOPENED → NEW
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: --- → 3.11.8
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED