Closed Bug 410587 Opened 18 years ago Closed 18 years ago

SSL_GetChannelInfo returns SECSuccess on invalid arguments

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

Proposed patch
863 bytes, patch
nelson
: review+
Details | Diff | Splinter Review
Attached patch Proposed patchSplinter Review
The SSL_GetChannelInfo function (added in NSS 3.4) returns SECSuccess if the input argument 'info' or 'len' is invalid. It should set the error code and return SECFailure. I rated the severity of this bug at minor because if 'info' is NULL, we crash, and 'len < sizeof inf.length' can only be true when we add new fields to SSLChannelInfo, and we can fix this bug before we add new fields.
Attachment #295177 - Flags: review?(nelson)
Comment on attachment 295177 [details] [diff] [review] Proposed patch I'm surprised at this bug, because I wrote this code and I am usually meticulous about returning proper error codes. Regarding the comment: > 'len < sizeof inf.length' can only be true when we add new fields to > SSLChannelInfo, and we can fix this bug before we add new fields. That's not correct. Adding new fields to the struct will not affect the truth of that test. Notice that that test does *not* ask "is len big enough to hold the entire "inf" structure?". It only asks "is len big enough to hold the length field at the beginning of the inf structure?". This API outputs as much of the inf structure as the caller requests. That way, when we grow the structure, we don't create problems for callers that still request an older smaller subset. The output includes the length of the total inf structure, so that the caller can call it twice, once to get the desired output length, and then again to get the entire structure, after allocating a buffer large enough to hold it. So, no change is required as we add new fields at the end. But we can fix this failure to report error.
Attachment #295177 - Flags: review?(nelson) → review+
You're right. Would be nice to document how the function should be used. The caller can't call the function to get the desired length as you described because we store inf.length = PR_MIN(sizeof inf, len); as opposed to inf.length = sizeof inf; Also, it's hard for the caller to handle the case where len > sizeof inf, so we may want to treat that as an invalid input argument. (The caller would need to check the offset of a field is < info->length before using it.) I checked in the patch on the NSS trunk for NSS 3.12. Checking in sslinfo.c; /cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v <-- sslinfo.c new revision: 1.17; previous revision: 1.16 done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: