tstclnt utility crashes when some command line argument values are empty(NULL)

RESOLVED DUPLICATE of bug 547677

Status

NSS
Tools
P2
minor
RESOLVED DUPLICATE of bug 547677
8 years ago
8 years ago

People

(Reporter: Kuat Eshengazin, Assigned: Kuat Eshengazin)

Tracking

3.12.4
3.12.7

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1045 Safari/532.5
Build Identifier: nss-3.12.4-with-nspr-4.8

tstclnt crashes due to lack of input sanitization. Empty(NULL) values directly passed to PORT_Strdup().

Reproducible: Always

Steps to Reproduce:
1. Build and install NSS tools
2. Try to invoke tstclnt -h (or tstclnt -c, tstclnt -d, tstclnt -w, tstclnt -W)

Actual Results:  
Tool crashed with segmentation fault.

GDB says:

debian:~/nss# gdb -q bin/tstclnt
(gdb) r -h
Starting program: /root/nss/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/tstclnt -h
[Thread debugging using libthread_db enabled]
[New Thread 0xb7c146b0 (LWP 11564)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c146b0 (LWP 11564)]
0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6
(gdb) where
#0  0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb7df410c in PORT_Strdup_Util (str=0x0) at secport.c:168
#2  0x0804c9c3 in main (argc=2, argv=0xbfae5274) at tstclnt.c:555


Expected Results:  
There should be no crash, but usage information should be printed.
(Assignee)

Comment 1

8 years ago
Created attachment 438784 [details] [diff] [review]
Patch that adds sanity check for passed arguments
(Assignee)

Updated

8 years ago
Version: unspecified → 3.12.4
Comment on attachment 438784 [details] [diff] [review]
Patch that adds sanity check for passed arguments

r=nelson.  Thanks!
Some lines are too long. 
Will wrap them before committing.
Attachment #438784 - Flags: review+
Assignee: nobody → eskuat
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Target Milestone: --- → 3.12.7
Priority: -- → P2
See Also: → bug 547677
Comment on attachment 438784 [details] [diff] [review]
Patch that adds sanity check for passed arguments

I'm sorry, I must retract my r+ review, and change it to r-.  
The problem is that this patch does not apply cleanly to the current NSS source tree.  
This patch was apparently created against an older version of NSS.  
It didn't apply cleanly to the trunk as of the date it was submitted (so this is not a problem caused by delayed reviewing).  

Now, you could submit another patch, but I suggest that, instead, you try one of the patches attached to bug 547677.  I believe that patch will solve the problem for ALL NSS programs at once, without needing to modify each and every one of them.  Please try it and let us know if that is a satisfactory solution for you.
Attachment #438784 - Flags: review+ → review-
(Assignee)

Comment 4

8 years ago
Nelson: No problem. The issue is not reproduced with patch #2 applied to most recent NSS (3.12.6).
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 547677
You need to log in before you can comment on or make changes to this bug.