Closed
Bug 994869
Opened 10 years ago
Closed 10 years ago
PK11_DigestOp should allow in=NULL inLen=0
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.16.1
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file)
639 bytes,
patch
|
davidben
:
review+
rrelyea
:
superreview+
wtc
:
checked-in+
|
Details | Diff | Splinter Review |
In my fix for bug 276180, I added a null pointer check for the |in| input buffer for PK11_DigestOp: https://hg.mozilla.org/projects/nss/rev/135393275c21 It was intended to catch invalid input such as in=NULL inLen=8. This check is overly strict because a zero-length input is often represented as in=NULL inLen=0. One way to relax this is to remove the null pointer check from PK11_DigestOp. However, the info in bug 276180 shows the various <hash>_Update functions in nss/lib/freebl may not check its input, so it is less work to simply handle this in PK11_DigestOp.
Attachment #8404886 -
Flags: superreview?(rrelyea)
Attachment #8404886 -
Flags: review?(davidben)
Updated•10 years ago
|
Attachment #8404886 -
Flags: review?(davidben) → review+
Assignee | ||
Comment 1•10 years ago
|
||
Comment on attachment 8404886 [details] [diff] [review] PK11_DigestOp should allow a zero-length input to be represented as a null pointer Patch checked in: https://hg.mozilla.org/projects/nss/rev/c1cf0ec78e13
Attachment #8404886 -
Flags: checked-in+
Assignee | ||
Updated•10 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 2•10 years ago
|
||
Comment on attachment 8404886 [details] [diff] [review] PK11_DigestOp should allow a zero-length input to be represented as a null pointer Review of attachment 8404886 [details] [diff] [review]: ----------------------------------------------------------------- The only possible issue is if we were depending on some side effect of calling the PKCS #11 module with a zero length. I don't think that's the case, however, so r+.
Attachment #8404886 -
Flags: superreview?(rrelyea) → superreview+
You need to log in
before you can comment on or make changes to this bug.
Description
•