Open Bug 590806 Opened 14 years ago Updated 6 months ago

Memory leak in pk11_PubDeriveECKeyWithKDF

Categories

(NSS :: Libraries, defect, P5)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

People

(Reporter: briansmith, Unassigned)

References

(
URL
)

Details

/* get our key Structure */
    symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);

    [...]

	    case CKD_SHA1_KDF:
		key_size = SHA1_LENGTH;
		break;
	    default:
		PORT_Assert(!"Invalid CKD");
		PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
 		return NULL;
Blocks: 615799
We are not clear on how this bug is impact by our plugin , can you please clarify details on environment, call stacks, etc to attempt to reproduce if so?
No longer blocks: 615799
Lilian, are you sure your comment was meant for this bug?

Brian, Your initial description was so terse that I ignored it, until now,
figuring you would add detail later.  You see to be referring to these lines
of code:

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11skey.c&rev=1.122&mark=1802,1818,1821-1824,1832-1834#1801

The function is a static function.  It has one caller, namely, public 
function PK11_PubDeriveWithKDF, of which there are 5 callers in libSSL and 
one caller in PSM, in nsSet_EC_DHMAC_ProofOfPossession.  

The path that leaks requires that the function be called with zero for the "keySize" argument, and with an unrecognized value for the kdf type argument.
This is essentially an invalid combination of arguments, but it still should
not leak.

It's conceivable that some Skype plugin is calling it with this combination of arguments, but I see no evidence for or against that hypothesis here.
Blocks: 615799
URL: http://bonsai.mozilla.org/cvsblame.cg...
No longer blocks: 615799
Nelson, this bug was associated with the Skype tracking bug by mistake. Thanks for filling in the missing details regarding the leak.
Severity: minor → S4
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.