Closed
Bug 891145
Opened 11 years ago
Closed 11 years ago
null dereference in PK11_FreeSlot (pk11slot.c:452) via crypto.generateCRMFRequest
Categories
(Core :: Security: PSM, defect)
RESOLVED DUPLICATE of bug 849553
People
(Reporter: keeler, Unassigned)
Details
In testing out a fix for another generateCRMFRequest bug, I attempted to evaluate 'crypto.generateCRMFRequest("CN=somedomain.org", "0", "0", null, "alert(1)", 64, null, "rsa-ex")' in the web console, which caused a crash dereferencing a null pointer (non-zero offset). This looks a lot like one of the issues brought up in bug 849553, but I think this is more dangerous than the DoS issue, so I'm filing a new bug and marking it as security-sensitive.
Comment 1 • 11 years ago (Reporter)
Actually, I think the problem here is that the key size is too small, which really does make this the same as bug 849553.
Group: core-security
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE