ec_NewKey calls mp_clear for uninitialized k when SECITEM_CopyItem(...) fails

RESOLVED FIXED in 3.13

Status

NSS
Libraries
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: timeless, Assigned: timeless)

Tracking

({coverity})

unspecified
3.13
x86
All
coverity

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: FIPS, URL)

Attachments

(1 attachment)

1.05 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Assignee)

Description

8 years ago
237  	ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, 
238  	    const unsigned char *privKeyBytes, int privKeyLen)

244  	    mp_int k;

278  	    if (ecParams->fieldID.type == ec_field_GFp) {
279  		CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
280  		    &ecParams->fieldID.u.prime));

328  	cleanup:
329  	    mp_clear(&k);
(Assignee)

Comment 1

8 years ago
Created attachment 431974 [details] [diff] [review]
patch
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #431974 - Flags: review?(nelson)
Comment on attachment 431974 [details] [diff] [review]
patch

r=nelson
Attachment #431974 - Flags: review?(nelson) → review+
Whiteboard: FIPS
Target Milestone: --- → 3.13
lib/freebl/ec.c; new revision: 1.20.8.2; previous revision: 1.20.8.1

Thanks, Timeless.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.