Closed Bug 447589 Opened 16 years ago Closed 15 years ago

nsPK11Token::ChangePassword does not allow null arguments

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla1.9.3a1

People

(Reporter: nicolas.justin, Assigned: nicolas.justin)

References

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.7 (like Gecko) SUSE
Build Identifier: Gecko 1.9

The nsPK11Token::ChangePassword does not allow passing NULL values to PK11_ChangePW, since when oldPassword and newPassword are converted they are transformed into an empty string, which may have a different meaning once C_SetPIN is called: if a protected authentication path is to be used, the arguments must be NULL (different from an empty string).

See https://bugzilla.mozilla.org/show_bug.cgi?id=446592 for the NSS part.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
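
The distinction the report describes, as an added example that is not part of the bug or the attached patch: a mock token shows how turning NULL into an empty string hides a request for the protected authentication path. `mock_set_pin`, `change_password`, the result codes and the sample PINs are hypothetical (not NSS or PSM APIs), and the UTF-16 conversion is simplified to ASCII.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for the mock token (not PKCS#11 return values). */
enum pin_result { PIN_CHANGED, PIN_CHANGED_VIA_PROTECTED_PATH, PIN_REJECTED };

/* Constructed sample input: UTF-16 passwords as a caller would pass them. */
static const uint16_t SAMPLE_OLD[] = {'1', '2', '3', '4', 0};
static const uint16_t SAMPLE_NEW[] = {'5', '6', '7', '8', 0};

/* Simplified stand-in for a UTF-16 to UTF-8 conversion (ASCII only).
 * Lossy form: a NULL input comes back as an allocated empty string. */
static char *convert_lossy(const uint16_t *s) {
    size_t n = 0;
    while (s && s[n]) n++;
    char *out = calloc(n + 1, 1);
    for (size_t i = 0; out && i < n; i++) out[i] = (char)s[i];
    return out;
}

/* Mock token with a protected authentication path (assumed behaviour):
 * NULL/NULL means "collect the PINs on the device"; anything else is a
 * literal PIN pair checked against the current PIN "1234" (minimum length 4). */
static enum pin_result mock_set_pin(const char *old_pin, const char *new_pin) {
    if (!old_pin && !new_pin) return PIN_CHANGED_VIA_PROTECTED_PATH;
    if (!old_pin || !new_pin) return PIN_REJECTED;
    if (strcmp(old_pin, "1234") != 0 || strlen(new_pin) < 4) return PIN_REJECTED;
    return PIN_CHANGED;
}

/* preserve_null = 0 reproduces the reported behaviour; 1 keeps NULL as NULL. */
enum pin_result change_password(const uint16_t *old_pw, const uint16_t *new_pw,
                                int preserve_null) {
    char *o = (preserve_null && !old_pw) ? NULL : convert_lossy(old_pw);
    char *n = (preserve_null && !new_pw) ? NULL : convert_lossy(new_pw);
    enum pin_result r = mock_set_pin(o, n);
    free(o);
    free(n);
    return r;
}

int main(void) {
    printf("lossy, NULL/NULL:      %d\n", change_password(NULL, NULL, 0));
    printf("preserving, NULL/NULL: %d\n", change_password(NULL, NULL, 1));
    printf("preserving, typed PIN: %d\n", change_password(SAMPLE_OLD, SAMPLE_NEW, 1));
    return 0;
}
```
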
Attached patch: Proposed patch
Depends on: 446592
I agree that "password not set" is different from
"password set with zero length",
so your explanation sounds reasonable to me.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment on attachment 330899 [details] [diff] [review]
Proposed patch

r=kaie
Attachment #330899 - Flags: review+
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/04dfedf6fe26
Assignee: kaie → nicolas.justin
Status: NEW → RESOLVED
Closed: 15 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1