Closed Bug 550432 Opened 14 years ago Closed 14 years ago

ssl2_GatherData calls PORT_Memcmp with unintialized mac when gs->offset < macLen

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.7

People

(Reporter: timeless, Assigned: timeless)

References

(
URL
)

Details

(Keywords: coverity)

Attachments

(1 file)

proposal
2.01 KB, patch
nelson
: review+
Details | Diff | Splinter Review 
87 ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
239         case GS_MAC:
250             unsigned char    mac[SSL_MAX_MAC_BYTES];

290             if (gs->offset >= macLen) {
306             }

312             if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) {
Attached patch proposalSplinter Review 
Assignee: nobody → timeless
Status: NEW → ASSIGNED

        Attachment #430585 -
        Flags: review?(nelson)

    
    

    
  
Timeless, I really appreciate your excellent summary of the troublesome code
path in comment 0, in this bug and the other coverity bugs you've recently 
filed.  It's so clear, and it saves so much time!  Thanks!

    
    

    
  
Comment on attachment 430585 [details] [diff] [review]
proposal

r=nelson
Good work.  
committed on trunk.
lib/ssl/sslgathr.c; new revision: 1.11; previous revision: 1.10

        Attachment #430585 -
        Flags: review?(nelson) → review+
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.7

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: