Open Bug 556505 Opened 15 years ago Updated 3 years ago

SECU_GetPasswordString, SECU_ChangePW2 and secu_InitSlotPassword are strange

Categories

(NSS :: Tools, defect, P3)

Product:
NSS
Component:
Tools
Type:
defect

Tracking

(Not tracked)

People

(Reporter: timeless, Unassigned)

References

(
URL
)

Details

(Keywords: coverity)

Attachments

(1 file, 3 obsolete files)

Patch Version 4
3.17 KB, patch
shailen.n.jain
: review?
nelson
timeless
: feedback-
Details | Diff | Splinter Review
340 secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg) 342 char *p0 = NULL; 344 FILE *input, *output; 356 #ifdef _WINDOWS 357 input = stdin; 358 #else 359 input = fopen(consoleName, "r"); 360 #endif 373 if (output == NULL) { 375 return NULL; this leaks input on ! _WINDOWS 398 fclose(input); this closes stdin on _WINDOWS 399 fclose(output); 401 return p0; 411 SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, 416 char *oldpw = NULL, *newpw = NULL; 440 if (PK11_NeedUserInit(slot)) { 441 newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); this can fail (See 375), but it's passed to PK11_InitPin which treats 0 as "\0" 442 rv = PK11_InitPin(slot, (char*)NULL, newpw);
161 SECU_GetPasswordString(void *arg, char *prompt) 163 #ifndef _WINDOWS 165 FILE *input, *output; 168 input = fopen(consoleName, "r"); 175 if (output == NULL) { 177 return NULL; leaks input
URL: http://mxr.mozilla.org/mozilla-centra...http://mxr.mozilla.org/security/sourc...
Summary: SECU_ChangePW2 and secu_InitSlotPassword are strange → SECU_GetPasswordString, SECU_ChangePW2 and secu_InitSlotPassword are strange
Assigning to Shailendra, who's looking for bugs to fix, if I'm not mistaken.
Assignee: nobody → shailen.n.jain
Priority: -- → P3
Keywords: coverity
Attached patch Patch V 1 (obsolete) — Splinter Review
Hi Nelson, Please review the patch. I guess I wasnt sure about the below change. + if (newpw == NULL) { + rv = PK11_InitPin(slot, (char*)NULL, (char*)NULL); + } else { + rv = PK11_InitPin(slot, (char*)NULL, newpw); + } Regards, Shailendra
Attachment #436659 - Flags: review?(nelson)
Comment on attachment 436659 [details] [diff] [review] Patch V 1 Shailendra, your patch was all fine except for this part. > newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); >- rv = PK11_InitPin(slot, (char*)NULL, newpw); >+ if (newpw == NULL) { >+ rv = PK11_InitPin(slot, (char*)NULL, (char*)NULL); >+ } else { >+ rv = PK11_InitPin(slot, (char*)NULL, newpw); >+ } That patch makes the code behave no differently than the old code did when secu_InitSlotPassword returns NULL. The crucial point is to NOT call PK11_InitPin with a NULL last argument, but to instead report an error and return SECFailure, as done elsewhere in that same function.
Attachment #436659 - Flags: review?(nelson) → review-
Attached patch Patch Version 2 (obsolete) — Splinter Review
Hi Nelson, Please review the newly attached patch for error message. Also please let me if we need to have similar check for the below piece of code which comes after the place where the above patch is applied newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); return SECFailure; } Regards, Shailendra
Attachment #436659 - Attachment is obsolete: true
Attachment #436910 - Flags: review?(nelson)
Comment on attachment 436910 [details] [diff] [review] Patch Version 2 This patch is VERY close to being right. First, in answer to your question, YES, both places where secu_InitSlotPassword is called need to be fixed. Second, We need to have a different message for the case where secu_InitSlotPassword failed to get a password (not even an empty password) and returned NULL) than for the case where the function that followed it (e.g. PK11_InitPin or PK11_ChangePW) failed. If secu_InitSlotPassword fails, we should say something like "failed to get new password" and if the other function fails, we should say "failed to set password" or "failed to change password" (as we do now).
Attachment #436910 - Flags: review?(nelson) → review-
Attached patch Patch Version 3 (obsolete) — Splinter Review
Hi Nelson, I modified the code and can you please review this patch. Thanks, Shailendra
Attachment #436910 - Attachment is obsolete: true
Attachment #439873 - Flags: review?(nelson)
Comment on attachment 439873 [details] [diff] [review] Patch Version 3 > if (PK11_NeedUserInit(slot)) { > newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); >+ if (newpw == NULL) { >+ PR_fprintf(PR_STDERR, "Failed to get new password.\n"); >+ return SECFailure; >+ } > rv = PK11_InitPin(slot, (char*)NULL, newpw); What if this fails? > goto done; > }
Attached patch Patch Version 4Splinter Review
Hi nelson, I modified the patch to take care of the error condition you mentioned. Please review and let me know if any further changes required. Thanks and Regards, Shailendra
Attachment #439873 - Attachment is obsolete: true
Attachment #440159 - Flags: review?(nelson)
Attachment #439873 - Flags: review?(nelson)
Comment on attachment 440159 [details] [diff] [review] Patch Version 4 > if (PK11_NeedUserInit(slot)) { > newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); ... > rv = PK11_InitPin(slot, (char*)NULL, newpw); >+ if (rv == SECFailure) { this leaks newpw: >+ PR_fprintf(PR_STDERR, "Failed to set new password.\n"); >+ return SECFailure; > newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); ... > if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { this leaks newpw: > PR_fprintf(PR_STDERR, "Failed to change password.\n"); > return SECFailure; Please consider fixing these too.
Attachment #440159 - Flags: feedback-
See Also: → 1220077
Severity: normal → S3

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: shailen.n.jain → nobody
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: