dev-security@lists.mozilla.org api-sanity in nss

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

dev-security@lists.mozilla.org api-sanity in nss

zhujianwei (C)
Hi , [hidden email]

I found a bug in function NSS_CMSSignedData_GetSignerInfo, sigd->signerInfos not judged !NULL before use. It cause core dump.

NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
    if (!sigd) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }
    return sigd->signerInfos[i];
}


Signed-off-by: zhujianwei7 <[hidden email]>
---

diff -uNr nss/lib/smime/cmssigdata.c nss.fix/lib/smime/cmssigdata.c
--- nss/lib/smime/cmssigdata.c  2018-12-01 06:41:31.000000000 +0800
+++ nss.fix/lib/smime/cmssigdata.c  2020-04-08 08:20:28.931050077 +0800
@@ -476,7 +476,7 @@
 NSSCMSSignerInfo *
 NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
 {
-    if (!sigd) {
+    if (!sigd || !sigd->signerInfos) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
Reply | Threaded
Open this post in threaded view
|

Re: dev-security@lists.mozilla.org api-sanity in nss

Frederik Braun
Hi,

thank you for sending us this bug report with a patch!


Discussions about NSS are best sent to [hidden email].

But I have filed a bug at
<https://bugzilla.mozilla.org/show_bug.cgi?id=1630925> nevertheless.

Cheers,
Freddy


Am 16.04.20 um 15:49 schrieb zhujianwei (C):

> Hi , [hidden email]
>
> I found a bug in function NSS_CMSSignedData_GetSignerInfo, sigd->signerInfos not judged !NULL before use. It cause core dump.
>
> NSSCMSSignerInfo *
> NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
> {
>     if (!sigd) {
>         PORT_SetError(SEC_ERROR_INVALID_ARGS);
>         return NULL;
>     }
>     return sigd->signerInfos[i];
> }
>
>
> Signed-off-by: zhujianwei7 <[hidden email]>
> ---
>
> diff -uNr nss/lib/smime/cmssigdata.c nss.fix/lib/smime/cmssigdata.c
> --- nss/lib/smime/cmssigdata.c  2018-12-01 06:41:31.000000000 +0800
> +++ nss.fix/lib/smime/cmssigdata.c  2020-04-08 08:20:28.931050077 +0800
> @@ -476,7 +476,7 @@
>  NSSCMSSignerInfo *
>  NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
>  {
> -    if (!sigd) {
> +    if (!sigd || !sigd->signerInfos) {
>          PORT_SetError(SEC_ERROR_INVALID_ARGS);
>          return NULL;
>      }
> _______________________________________________
> dev-security mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-security
>
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security