info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
dev-security@lists.mozilla.org api-sanity in nss
30 views
Skip to first unread message
zhujianwei (C)
Apr 16, 2020, 9:50:10 AM4/16/20
to dev-se...@lists.mozilla.org
Hi , dev-se...@lists.mozilla.org
I found a bug in function NSS_CMSSignedData_GetSignerInfo, sigd->signerInfos not judged !NULL before use. It cause core dump.
NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
if (!sigd) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
return sigd->signerInfos[i];
}
Signed-off-by: zhujianwei7 <zhuji...@huawei.com>
---
diff -uNr nss/lib/smime/cmssigdata.c nss.fix/lib/smime/cmssigdata.c
--- nss/lib/smime/cmssigdata.c 2018-12-01 06:41:31.000000000 +0800
+++ nss.fix/lib/smime/cmssigdata.c 2020-04-08 08:20:28.931050077 +0800
@@ -476,7 +476,7 @@
NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
- if (!sigd) {
+ if (!sigd || !sigd->signerInfos) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
I found a bug in function NSS_CMSSignedData_GetSignerInfo, sigd->signerInfos not judged !NULL before use. It cause core dump.
NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
if (!sigd) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
return sigd->signerInfos[i];
}
Signed-off-by: zhujianwei7 <zhuji...@huawei.com>
---
diff -uNr nss/lib/smime/cmssigdata.c nss.fix/lib/smime/cmssigdata.c
--- nss/lib/smime/cmssigdata.c 2018-12-01 06:41:31.000000000 +0800
+++ nss.fix/lib/smime/cmssigdata.c 2020-04-08 08:20:28.931050077 +0800
@@ -476,7 +476,7 @@
NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
- if (!sigd) {
+ if (!sigd || !sigd->signerInfos) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
Frederik Braun
Apr 17, 2020, 7:00:08 AM4/17/20
to zhujianwei (C), dev-se...@lists.mozilla.org
Hi,
thank you for sending us this bug report with a patch!
Discussions about NSS are best sent to dev-tec...@lists.mozilla.org.
But I have filed a bug at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1630925> nevertheless.
Cheers,
Freddy
Am 16.04.20 um 15:49 schrieb zhujianwei (C):
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
thank you for sending us this bug report with a patch!
Discussions about NSS are best sent to dev-tec...@lists.mozilla.org.
But I have filed a bug at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1630925> nevertheless.
Cheers,
Freddy
Am 16.04.20 um 15:49 schrieb zhujianwei (C):
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
0 new messages