Closed
Bug 974693
Opened 10 years ago
Closed 10 years ago
memory corruption in sec_pkcs12_new_asafe()
Categories
(NSS :: Libraries, defect, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.16
People
(Reporter: maksqwe1, Assigned: maksqwe1)
Details
Attachments
(1 file)
522 bytes,
patch
|
ryan.sleevi
:
review+
wtc
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release) Build ID: 20140212131424 Steps to reproduce: .\security\nss\lib\pkcs12\p12creat.c - 57 - sec_pkcs12_new_asafe() PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo)); Actual results: "asafe->old_baggage" is SEC_PKCS12Baggage_OLD that greatly smaller then SEC_PKCS7ContentInfo
Assignee | ||
Updated•10 years ago
|
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → trunk
Comment 1•10 years ago
|
||
Comment on attachment 8378659 [details] [diff] [review] mem_corruption.patch Patches go easily unnoticed without reviewers. Please reassign to someone else if it's not your area. If it's an unwanted change then please change bug status accordingly.
Attachment #8378659 -
Flags: review?(ryan.sleevi)
Assignee | ||
Comment 2•10 years ago
|
||
I can't edit "Assigned To" field. I'll be glad if you help me with this.
Comment 3•10 years ago
|
||
Sorry I was so unclear. I meant that the reviewer can delegate the review if needed but at least it's on somebody's radar.
Assignee: nobody → maksqwe1
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Updated•10 years ago
|
Attachment #8378659 -
Flags: review?(ryan.sleevi) → review+
Comment 4•10 years ago
|
||
I'm guessing you need this checked in as well?
Comment 5•10 years ago
|
||
Thank you Maks! https://hg.mozilla.org/projects/nss/rev/3dc628d58607
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.16
Comment 6•10 years ago
|
||
Comment on attachment 8378659 [details] [diff] [review] mem_corruption.patch Review of attachment 8378659 [details] [diff] [review]: ----------------------------------------------------------------- r=wtc. ::: security/nss/lib/pkcs12/p12creat.c @@ +54,4 @@ > if(asafe == NULL) > goto loser; > asafe->poolp = poolp; > + PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD)); A common way to avoid this kind of bug is to say sizeof(asafe->old_baggage).
Attachment #8378659 -
Flags: review+
Updated•10 years ago
|
OS: Windows 7 → All
Priority: -- → P1
Hardware: x86_64 → All
You need to log in
before you can comment on or make changes to this bug.
Description
•