Closed Bug 559081 Opened 14 years ago Closed 14 years ago

tstclnt utility crashes when some command line argument values are empty(NULL)

Categories

(NSS :: Tools, defect, P2)

Product:
NSS
Component:
Tools
Version:
3.12.4
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 547677
Milestone:
3.12.7

People

(Reporter: eskuat, Assigned: eskuat)

References

Details

Attachments

(1 file)

Patch that adds sanity check for passed arguments
1.99 KB, patch
nelson
: review-
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1045 Safari/532.5
Build Identifier: nss-3.12.4-with-nspr-4.8

tstclnt crashes due to lack of input sanitization. Empty(NULL) values directly passed to PORT_Strdup().

Reproducible: Always

Steps to Reproduce:
1. Build and install NSS tools
2. Try to invoke tstclnt -h (or tstclnt -c, tstclnt -d, tstclnt -w, tstclnt -W)

Actual Results:  
Tool crashed with segmentation fault.

GDB says:

debian:~/nss# gdb -q bin/tstclnt
(gdb) r -h
Starting program: /root/nss/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/tstclnt -h
[Thread debugging using libthread_db enabled]
[New Thread 0xb7c146b0 (LWP 11564)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7c146b0 (LWP 11564)]
0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6
(gdb) where
#0  0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6
#1  0xb7df410c in PORT_Strdup_Util (str=0x0) at secport.c:168
#2  0x0804c9c3 in main (argc=2, argv=0xbfae5274) at tstclnt.c:555


Expected Results:  
There should be no crash, but usage information should be printed.
Version: unspecified → 3.12.4
Comment on attachment 438784 [details] [diff] [review]
Patch that adds sanity check for passed arguments

r=nelson.  Thanks!
Some lines are too long. 
Will wrap them before committing.
Attachment #438784 - Flags: review+
Assignee: nobody → eskuat
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Target Milestone: --- → 3.12.7
Priority: -- → P2
See Also: → 547677
Comment on attachment 438784 [details] [diff] [review]
Patch that adds sanity check for passed arguments

I'm sorry, I must retract my r+ review, and change it to r-.  
The problem is that this patch does not apply cleanly to the current NSS source tree.  
This patch was apparently created against an older version of NSS.  
It didn't apply cleanly to the trunk as of the date it was submitted (so this is not a problem caused by delayed reviewing).  

Now, you could submit another patch, but I suggest that, instead, you try one of the patches attached to bug 547677.  I believe that patch will solve the problem for ALL NSS programs at once, without needing to modify each and every one of them.  Please try it and let us know if that is a satisfactory solution for you.
Attachment #438784 - Flags: review+ → review-
Nelson: No problem. The issue is not reproduced with patch #2 applied to most recent NSS (3.12.6).
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: