Closed Bug 58168 Opened 24 years ago Closed 24 years ago

Removed fixed-sized strings

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 67511

People

(Reporter: BenB, Assigned: rrelyea)

Details

from mozilla/security/nss/lib/softoken/fipstokn.c: /* The next two strings must be exactly 64 characters long, with the first 32 characters meaningful */ static char *slotDescription = "NSS Internal FIPS-140-1 Cryptographic Services "; static char *privSlotDescription = "NSS FIPS-140-1 User Private Key Services "; (Or "Netscape" instead of "NSS") This is failure-prone and makes it impossible to move the vendor name to a central location. Change the source so that it can use the string, no matter what size it has.
The fixed length of these strings is a requirement of a standard. You can argue with the creators of the standard, if you like, but the implementation is correct given the standard.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Then please fulfill that requirement by filling the string programatically. E.g. (pseudo-code) if (privSlotDescription.Length > 33) privSlotDescription.Length = privSlotDescription.Length.First(33); else privSlotDescription.Length = ' ' * (33 - privSlotDescription.Length); REOPENing,
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
s/privSlotDescription.Length =/privSlotDescription =/ s/privSlotDescription.Length.First/privSlotDescription.First/
Bob, is the requested change is necessary? It seems that one can call PK11_ConfigureFIPS() to set the slot descriptions for other vendors, so the string literals are just the default values for the slot descriptions.
Assignee: wtc → relyea
Status: REOPENED → NEW
Making it easy to change those strings is important for reuse of the code by other "vendors". It is a pain to change "Netscape" or "NSS" or whatever we choose to the vendor name in 10 places, especially, if you have to count spaces while doing so and risk uninitialized or overwritten memory, if you make a mistake.
BTW: Before you mark it WONTFIX, please reassing to me.
So there are a couple of things here: 1) What should the Default string be, and who is the correct vendor. I believe NSS should be the correct default string. NSS is vendor nuetral -- it stands for Network Security Services. There happens to be the mozilla version of NSS, the netscape version of NSS, and the IPlanet version of NSS. The strings NSS and Netscape are not interchangeable as the bug implies. This is a PKCS #11 module and one can argue that the string should be independent of the application.... However since this particular PKCS #11 module happens to be statically bound to the application, one can argue that these strings need to have the application's name, not the library's name. That is why we added PK11_ConfigurePKCS11(). Mozilla can make these calls and build any strings they want including any vendor values in those strings. The Library's default strings should not change, however. Also note: these are not the only strings controlled by PK11_ConfigurePKCS11() -- there are also strings in pkcs11.c that are controlled by this call. bob
Target Milestone: --- → 3.2
Bug 67511 is a better description of the remaining issue in this bug, so I'm closing this as a dup of that bug (even though this one is older). Hopefully this will add Ben to the CC list of that bug. *** This bug has been marked as a duplicate of 67511 ***
Status: NEW → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → DUPLICATE
Target Milestone: 3.2 → 3.3
Confirming. > Hopefully this will add Ben to the CC list of that bug. Bugzilla isn't that smart. Did it manually :-).
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.