Closed
Bug 559081
Opened 14 years ago
Closed 14 years ago
tstclnt utility crashes when some command line argument values are empty(NULL)
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 547677
3.12.7
People
(Reporter: eskuat, Assigned: eskuat)
References
Details
Attachments
(1 file)
1.99 KB,
patch
|
nelson
:
review-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1045 Safari/532.5 Build Identifier: nss-3.12.4-with-nspr-4.8 tstclnt crashes due to lack of input sanitization. Empty(NULL) values directly passed to PORT_Strdup(). Reproducible: Always Steps to Reproduce: 1. Build and install NSS tools 2. Try to invoke tstclnt -h (or tstclnt -c, tstclnt -d, tstclnt -w, tstclnt -W) Actual Results: Tool crashed with segmentation fault. GDB says: debian:~/nss# gdb -q bin/tstclnt (gdb) r -h Starting program: /root/nss/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/tstclnt -h [Thread debugging using libthread_db enabled] [New Thread 0xb7c146b0 (LWP 11564)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7c146b0 (LWP 11564)] 0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6 (gdb) where #0 0xb7c8c3b3 in strlen () from /lib/i686/cmov/libc.so.6 #1 0xb7df410c in PORT_Strdup_Util (str=0x0) at secport.c:168 #2 0x0804c9c3 in main (argc=2, argv=0xbfae5274) at tstclnt.c:555 Expected Results: There should be no crash, but usage information should be printed.
Assignee | ||
Comment 1•14 years ago
|
||
Assignee | ||
Updated•14 years ago
|
Version: unspecified → 3.12.4
Comment 2•14 years ago
|
||
Comment on attachment 438784 [details] [diff] [review] Patch that adds sanity check for passed arguments r=nelson. Thanks! Some lines are too long. Will wrap them before committing.
Attachment #438784 -
Flags: review+
Updated•14 years ago
|
Assignee: nobody → eskuat
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Target Milestone: --- → 3.12.7
Comment 3•14 years ago
|
||
Comment on attachment 438784 [details] [diff] [review] Patch that adds sanity check for passed arguments I'm sorry, I must retract my r+ review, and change it to r-. The problem is that this patch does not apply cleanly to the current NSS source tree. This patch was apparently created against an older version of NSS. It didn't apply cleanly to the trunk as of the date it was submitted (so this is not a problem caused by delayed reviewing). Now, you could submit another patch, but I suggest that, instead, you try one of the patches attached to bug 547677. I believe that patch will solve the problem for ALL NSS programs at once, without needing to modify each and every one of them. Please try it and let us know if that is a satisfactory solution for you.
Attachment #438784 -
Flags: review+ → review-
Assignee | ||
Comment 4•14 years ago
|
||
Nelson: No problem. The issue is not reproduced with patch #2 applied to most recent NSS (3.12.6).
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•