Closed
Bug 957727
Opened 11 years ago
Closed 11 years ago
Incorrect parentheses around the key object attribute checks for CKK_NSS_JPAKE_ROUND1 in sftk_handlePrivateKeyObject
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.15.5
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file)
1.49 KB,
patch
|
briansmith
:
review+
|
Details | Diff | Splinter Review |
Nico Weber of Google reported this bug. It was found by his experimental clang warning. In nss/lib/softoken/pkcs11.c, function sftk_handlePrivateKeyObject, we have: case CKK_NSS_JPAKE_ROUND1: if (!sftk_hasAttribute(object, CKA_PRIME || !sftk_hasAttribute(object, CKA_SUBPRIME) || !sftk_hasAttribute(object, CKA_BASE))) { return CKR_TEMPLATE_INCOMPLETE; } The closing parenthesis ')' after CKA_PRIME is missing. Since CKA_PRIME is nonzero (0x00000130), the second and third sftk_hasAttribute calls are not evaluated, and this code is equivalent to: case CKK_NSS_JPAKE_ROUND1: if (!sftk_hasAttribute(object, 1)) { return CKR_TEMPLATE_INCOMPLETE; } 1 is the value of CKA_TOKEN. I guess |object| always has the CKA_TOKEN attribute because sftk_handleObject calls crv = sftk_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL)); and then calls sftk_handleKeyObject, which is the only function that calls sftk_handlePrivateKeyObject. This must be why this check hasn't failed in practice. Note: based on the code in jpake_Round1, I think this should also check for the CKA_NSS_JPAKE_SIGNERID attribute. The patch also fixes a missing break statement in nss/lib/softoken/pkcs11c.c, function NSC_GenerateKey, which I noticed while reviewing code related to CKK_NSS_JPAKE_ROUND1.
Attachment #8357298 -
Flags: review?(brian)
Updated•11 years ago
|
Attachment #8357298 -
Flags: review?(brian) → review+
Assignee | ||
Comment 1•11 years ago
|
||
Patch checked in: https://hg.mozilla.org/projects/nss/rev/47e537892f5a
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Target Milestone: 3.15.5 → 3.16
Assignee | ||
Updated•11 years ago
|
Target Milestone: 3.16 → 3.15.5
You need to log in
before you can comment on or make changes to this bug.
Description
•