Closed Bug 824097 Opened 12 years ago Closed 12 years ago

Uninitialized memory read in nr_stun_server_ctx

Categories

(Core :: WebRTC: Networking, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla20

People

(Reporter: ekr, Assigned: ekr)

Details

(Whiteboard: [WebRTC] [nICEr] [qa-] [nICEr-upstream-needed])

Attachments

(1 file)

The offending code is here:

    if (clnt) {
      hmacPassword = &clnt->password;
    }
    else {
      hmacPassword = 0;
    }

However, hmacPassword is not used. This creates a UMR in valgrind, but I do not believe it has any security consequences. I marked it as "security" out of an abundance of caution. Adam, Jesup, if you agree this is safe, can you unhide it?
Attachment #694981 - Flags: review?(rjesup)
Whiteboard: [WebRTC] [nICEr]
Attachment #694981 - Flags: review?(rjesup) → review+
I think a random-memory read (and no use of the value read) is not a security issue.
Group: core-security
I see the cows are well out of the barn on this one, but I agree that there is no security issue here.
Assignee: nobody → ekr
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Whiteboard: [WebRTC] [nICEr] → [WebRTC] [nICEr] [qa-]
Whiteboard: [WebRTC] [nICEr] [qa-] → [WebRTC] [nICEr] [qa-] [nICEr-upstream-needed]