Closed
Bug 590806
Opened 14 years ago
Closed 2 months ago
Memory leak in pk11_PubDeriveECKeyWithKDF
Categories
(NSS :: Libraries, defect, P5)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: briansmith, Assigned: anna.weine)
References
()
Details
Attachments
(1 file)
/* get our key Structure */ symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx); [...] case CKD_SHA1_KDF: key_size = SHA1_LENGTH; break; default: PORT_Assert(!"Invalid CKD"); PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL;
Comment 1•14 years ago
|
||
We are not clear on how this bug is impact by our plugin , can you please clarify details on environment, call stacks, etc to attempt to reproduce if so?
Comment 2•14 years ago
|
||
Lilian, are you sure your comment was meant for this bug? Brian, Your initial description was so terse that I ignored it, until now, figuring you would add detail later. You see to be referring to these lines of code: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11skey.c&rev=1.122&mark=1802,1818,1821-1824,1832-1834#1801 The function is a static function. It has one caller, namely, public function PK11_PubDeriveWithKDF, of which there are 5 callers in libSSL and one caller in PSM, in nsSet_EC_DHMAC_ProofOfPossession. The path that leaks requires that the function be called with zero for the "keySize" argument, and with an unrecognized value for the kdf type argument. This is essentially an invalid combination of arguments, but it still should not leak. It's conceivable that some Skype plugin is calling it with this combination of arguments, but I see no evidence for or against that hypothesis here.
Blocks: 615799
Reporter | ||
Comment 3•14 years ago
|
||
Nelson, this bug was associated with the Skype tracking bug by mistake. Thanks for filling in the missing details regarding the leak.
Updated•2 years ago
|
Severity: minor → S4
Updated•11 months ago
|
Priority: -- → P5
Assignee | ||
Comment 4•2 months ago
|
||
Updated•2 months ago
|
Attachment #9414336 -
Attachment description: WIP: Bug 590806 - Freeing symKey in pk11_PubDeriveECKeyWithKDF when a key_size is 0 and wrong kdf → Bug 590806 - Freeing symKey in pk11_PubDeriveECKeyWithKDF when a key_size is 0 and wrong kdf
Assignee | ||
Updated•2 months ago
|
Assignee: nobody → anna.weine
Assignee | ||
Comment 5•2 months ago
|
||
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•