Closed
Bug 974693
Opened 12 years ago
Closed 12 years ago
memory corruption in sec_pkcs12_new_asafe()
Categories
(NSS :: Libraries, defect, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.16
People
(Reporter: maksqwe1, Assigned: maksqwe1)
Details
Attachments
(1 file)
|
522 bytes,
patch
|
ryan.sleevi
:
review+
wtc
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140212131424
Steps to reproduce:
.\security\nss\lib\pkcs12\p12creat.c - 57 - sec_pkcs12_new_asafe()
PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo));
Actual results:
"asafe->old_baggage" is SEC_PKCS12Baggage_OLD that greatly smaller then SEC_PKCS7ContentInfo
|
Assignee | |
Updated•12 years ago
|
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → trunk
|
||
Comment 1•12 years ago
|
||
Comment on attachment 8378659 [details] [diff] [review]
mem_corruption.patch
Patches go easily unnoticed without reviewers. Please reassign to someone else if it's not your area. If it's an unwanted change then please change bug status accordingly.
Attachment #8378659 -
Flags: review?(ryan.sleevi)
|
|
Assignee | |
Comment 2•12 years ago
|
||
I can't edit "Assigned To" field. I'll be glad if you help me with this.
|
|
||
Comment 3•12 years ago
|
||
Sorry I was so unclear. I meant that the reviewer can delegate the review if needed but at least it's on somebody's radar.
Assignee: nobody → maksqwe1
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
||
Updated•12 years ago
|
Attachment #8378659 -
Flags: review?(ryan.sleevi) → review+
|
|
||
Comment 4•12 years ago
|
||
I'm guessing you need this checked in as well?
|
||
Comment 5•12 years ago
|
||
Thank you Maks!
https://hg.mozilla.org/projects/nss/rev/3dc628d58607
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.16
|
||
Comment 6•12 years ago
|
||
Comment on attachment 8378659 [details] [diff] [review]
mem_corruption.patch
Review of attachment 8378659 [details] [diff] [review]:
-----------------------------------------------------------------
r=wtc.
::: security/nss/lib/pkcs12/p12creat.c
@@ +54,4 @@
> if(asafe == NULL)
> goto loser;
> asafe->poolp = poolp;
> + PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD));
A common way to avoid this kind of bug is to say sizeof(asafe->old_baggage).
Attachment #8378659 -
Flags: review+
|
|
||
Updated•12 years ago
|
OS: Windows 7 → All
Priority: -- → P1
Hardware: x86_64 → All
You need to log in
before you can comment on or make changes to this bug.
Description
•