Closed Bug 891145 Opened 9 years ago Closed 9 years ago

null dereference in PK11_FreeSlot (pk11slot.c:452) via crypto.generateCRMFRequest

Categories

(Core :: Security: PSM, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 849553

People

(Reporter: keeler, Unassigned)

Details

In testing out a fix for another generateCRMFRequest bug, I attempted to evaluate 'crypto.generateCRMFRequest("CN=somedomain.org", "0", "0", null, "alert(1)", 64, null, "rsa-ex")' in the web console, which caused a crash dereferencing a null pointer (non-zero offset).

This looks a lot like one of the issues brought up in bug 849553, but I think this is more dangerous than the dos issue, so I'm filing a new bug and marking it as security-sensitive.
Actually, I think the problem here is that the key size is too small, which really does make this the same as bug 849553.
Group: core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 849553
You need to log in before you can comment on or make changes to this bug.