Closed Bug 891145 Opened 9 years ago Closed 9 years ago
null dereference in PK11
_Free Slot (pk11slot .c:452) via crypto .generate CRMFRequest
In testing out a fix for another generateCRMFRequest bug, I attempted to evaluate 'crypto.generateCRMFRequest("CN=somedomain.org", "0", "0", null, "alert(1)", 64, null, "rsa-ex")' in the web console, which caused a crash dereferencing a null pointer (non-zero offset). This looks a lot like one of the issues brought up in bug 849553, but I think this is more dangerous than the dos issue, so I'm filing a new bug and marking it as security-sensitive.
Actually, I think the problem here is that the key size is too small, which really does make this the same as bug 849553.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 849553
You need to log in before you can comment on or make changes to this bug.