Closed Bug 52633 Opened 25 years ago Closed 25 years ago

Extra PORT_Free call in sendRSAClientKeyExchange()

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: nelson)

Details

In ssl3.c, sendRSAClientKeyExchange(), there is an extra PORT_Free call() if PK11_PubWrapSymKey() fails. This PORT_Free() call is not needed because enc_pms.data will be freed at the end of this function (under the label 'loser'). Here is a patch: Index: ssl3con.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v retrieving revision 1.8 diff -u -r1.8 ssl3con.c --- ssl3con.c 2000/09/12 20:15:41 1.8 +++ ssl3con.c 2000/09/14 14:39:57 @@ -3031,7 +3031,6 @@ /* wrap pre-master secret in server's public key. */ rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms); if (rv != SECSuccess) { - PORT_Free(enc_pms.data); ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); goto loser; }
Target Milestone: --- → 3.1
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#3031 Wan-Teh, How did you find this? Do you want to fix this for 3.0.1 also?
Status: NEW → ASSIGNED
I noticed it when I was debugging a write-beyond-end-of-buffer problem. When testing PSM I found that that code path was not executed. But since it is a simple change, you can include it with 3.0.1 after reviewing the patch. Thanks.
I have checked this into the tip of the trunk for NSS 3.1. If we want this to go into NSS 3.0.1, then we first have to decide whether or not we want to include the new IPv6 support in NSS 3.0.1 also.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
The fix for this bug has been checked into the NSS_30_BRANCH, too. So, I'm changing the target fix value for this bug to 3.0.1
Target Milestone: 3.1 → 3.0.1
You need to log in before you can comment on or make changes to this bug.