Make ssl3con.c more idiot-proof



9 years ago
7 years ago


(Reporter: kaie, Unassigned)


Firefox Tracking Flags

(Not tracked)




9 years ago
When tweaking NSS and removing ciphers from the source code (for whatever reason), and consequently modifying file ssl3con.c (removing entries from array cipherSuites), ...

... it's possible the developer forgets to decrease value ssl_V3_SUITES_IMPLEMENTED in the separate location, in file sslimpl.h

Maybe you'll say "nobody should or will ever forget that"? Wrong :-)

I propose to convert this array into a zero-terminated array. I propose to adjust the code that iterates over this array to not be bound by ssl_V3_SUITES_IMPLEMENTED, but instead iterate until the zero terminator is found.

Thanks a lot to Wan-Teh.
What's security sensitive about this?  
No committed code is flawed.
A patch with the defects described above should not get past review.
reveals that the reason that the dimension of the static (global) array 
cipherSuites has a fixed dimension is that the dimension of that array MUST 
be identical to the dimension of the array with the same name in the 
sslsocket structure.
Group: core-security
You need to log in before you can comment on or make changes to this bug.