Closed
Bug 550432
Opened 14 years ago
Closed 14 years ago
ssl2_GatherData calls PORT_Memcmp with unintialized mac when gs->offset < macLen
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.7
People
(Reporter: timeless, Assigned: timeless)
References
()
Details
(Keywords: coverity)
Attachments
(1 file)
2.01 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
87 ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) 239 case GS_MAC: 250 unsigned char mac[SSL_MAX_MAC_BYTES]; 290 if (gs->offset >= macLen) { 306 } 312 if (NSS_SecureMemcmp(mac, pBuf, macLen) != 0) {
Comment 2•14 years ago
|
||
Timeless, I really appreciate your excellent summary of the troublesome code path in comment 0, in this bug and the other coverity bugs you've recently filed. It's so clear, and it saves so much time! Thanks!
Comment 3•14 years ago
|
||
Comment on attachment 430585 [details] [diff] [review] proposal r=nelson Good work. committed on trunk. lib/ssl/sslgathr.c; new revision: 1.11; previous revision: 1.10
Attachment #430585 -
Flags: review?(nelson) → review+
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.7
You need to log in
before you can comment on or make changes to this bug.
Description
•