Bug 896651
Summary: | PEM module trashes private keys if login fails | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nalin Dahyabhai <nalin> | ||||||
Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 18 | CC: | emaldona, kdudka, kengert, rrelyea | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | nss-3.14.3-1.fc18 nss-3.14.3-1.fc17 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 1002204 1002205 (view as bug list) | Environment: | |||||||
Last Closed: | 2013-02-28 07:04:23 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1002204, 1002205 | ||||||||
Attachments: |
|
Description
Nalin Dahyabhai
2013-01-17 16:54:39 UTC
Created attachment 680373 [details]
patch to only replace the encrypted data with decrypted data after it's vetted
Comment on attachment 680373 [details] patch to only replace the encrypted data with decrypted data after it's vetted > --- mozilla/security/nss/lib/ckfw/pem/psession.c > +++ mozilla/security/nss/lib/ckfw/pem/psession.c > @@ -230,6 +230,7 @@ pem_mdSession_Login > unsigned int len = 0; > NSSLOWKEYPrivateKey *lpk = NULL; > PLArenaPool *arena; > + SECItem plain; > int i; > > fwSlot = NSSCKFWToken_GetFWSlot(fwToken); > @@ -306,23 +321,31 @@ pem_mdSession_Login > lpk->keyType = NSSLOWKEYRSAKey; > prepare_low_rsa_priv_key_for_asn1(lpk); > > - nss_ZFreeIf(io->u.key.key.privateKey->data); > - io->u.key.key.privateKey->len = len - output[len - 1]; > - io->u.key.key.privateKey->data = > - (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len); > - memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]); > + if (output[len - 1] > 8) { > + rv = CKR_GENERAL_ERROR; > + /* goto loser; */ > + } Why is the goto statement commented out? It makes the assignment redundant. It would also help to put there a comment saying which error case is being handled by the condition. (In reply to comment #2) > Comment on attachment 680373 [details] > patch to only replace the encrypted data with decrypted data after it's > vetted > > > --- mozilla/security/nss/lib/ckfw/pem/psession.c > > +++ mozilla/security/nss/lib/ckfw/pem/psession.c > > @@ -230,6 +230,7 @@ pem_mdSession_Login > > unsigned int len = 0; > > NSSLOWKEYPrivateKey *lpk = NULL; > > PLArenaPool *arena; > > + SECItem plain; > > int i; > > > > fwSlot = NSSCKFWToken_GetFWSlot(fwToken); > > @@ -306,23 +321,31 @@ pem_mdSession_Login > > lpk->keyType = NSSLOWKEYRSAKey; > > prepare_low_rsa_priv_key_for_asn1(lpk); > > > > - nss_ZFreeIf(io->u.key.key.privateKey->data); > > - io->u.key.key.privateKey->len = len - output[len - 1]; > > - io->u.key.key.privateKey->data = > > - (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len); > > - memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]); > > + if (output[len - 1] > 8) { > > + rv = CKR_GENERAL_ERROR; > > + /* goto loser; */ > > + } > > Why is the goto statement commented out? It makes the assignment redundant. My early assumption that the size of the padding would always be smaller than the cipher block size proved to be incorrect. Feel free to drop that part. Created attachment 696984 [details]
the same patch, with redundant assignment removed
nss-3.14.3-1.fc18,nss-softokn-3.14.3-1.fc18,nss-util-3.14.3-1.fc18,nspr-4.9.5-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/nss-3.14.3-1.fc18,nss-softokn-3.14.3-1.fc18,nss-util-3.14.3-1.fc18,nspr-4.9.5-2.fc18 Package nss-3.14.3-1.fc18, nss-softokn-3.14.3-1.fc18, nss-util-3.14.3-1.fc18, nspr-4.9.5-2.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-3.14.3-1.fc18 nss-softokn-3.14.3-1.fc18 nss-util-3.14.3-1.fc18 nspr-4.9.5-2.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-2929/nss-3.14.3-1.fc18,nss-softokn-3.14.3-1.fc18,nss-util-3.14.3-1.fc18,nspr-4.9.5-2.fc18 then log in and leave karma (feedback). nss-3.14.3-1.fc17,nss-softokn-3.14.3-1.fc17,nss-util-3.14.3-1.fc17,nspr-4.9.5-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/nss-3.14.3-1.fc17,nss-softokn-3.14.3-1.fc17,nss-util-3.14.3-1.fc17,nspr-4.9.5-2.fc17 nss-3.14.3-1.fc18, nss-softokn-3.14.3-1.fc18, nss-util-3.14.3-1.fc18, nspr-4.9.5-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. nss-3.14.3-1.fc17, nss-softokn-3.14.3-1.fc17, nss-util-3.14.3-1.fc17, nspr-4.9.5-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |