Bug 847462 - pem module may attempt to free an uninitialized pointer
Summary: pem module may attempt to free an uninitialized pointer
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: x86_64
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 717338 805232
Blocks:
Reported: 2012-08-11 17:18 UTC by Elio Maldonado Batiz
Modified: 2013-01-12 15:22 UTC

Fixed In Version:
Clone Of: 805232
Environment:
Last Closed: 2013-01-12 00:44:06 UTC
Type: ---
Embargoed:


Attachments
changes to spec file to rebase pem (2.02 KB, patch)
2012-08-11 17:33 UTC, Elio Maldonado Batiz
rrelyea: review+
kdudka: review+
The fixes since the last tar ball - Kamil's fixes (4.14 KB, patch)
2012-08-13 16:23 UTC, Elio Maldonado Batiz
rrelyea: review+
kdudka: review+

Comment 1 Elio Maldonado Batiz 2012-08-11 17:21:20 UTC
The simplest way to pick up this fix in fedora is to update the nss-pem sources to the upstream ones in the fedora hosted nss-pem which has the fix applied.

Comment 2 Elio Maldonado Batiz 2012-08-11 17:33:47 UTC
Created attachment 603698
changes to spec file to rebase pem

With this upgrade we pick up the following two bug fixes from rhel-6.3
rhbz#847460 - Fix invalid read and free on invalid cert load
rhbz#847462 - PEM module may attempt to free uninitialized pointer

Comment 4 Elio Maldonado Batiz 2012-08-12 21:58:40 UTC
Comment on attachment 603698
changes to spec file to rebase pem

The changes in the spec file are simple and don't reveal much as it's merely picking up a new source tar ball.  The best way to check is to compare the pem source directory against the one in rhel-6.3 after all patches have been applied in each side. 

The only difference should be in pinst.c where the code to handle informing the caller that the pem module isn't thread safe is cleaner in fedora than in rhel6 but otherwise they accomplish the same thing. 

You will notice other differences in build related files. Some things we do on fedora we aren't ready yet to bring them to rhel 6. They will be on rhel-7.

Comment 5 Elio Maldonado Batiz 2012-08-12 22:03:16 UTC
By the way, same changes as for Bug 847460.

Comment 6 Elio Maldonado Batiz 2012-08-13 16:23:52 UTC
Created attachment 604040
The fixes since the last tar ball - Kamil's fixes

This diff shows only what's been brought in - omitting distracting changes from that extra build related patch in fedora. 

I constructed the attached diff as follows:
1. git clone ssh://YOURNAME.org/git/nss-pem.git
2. Did a git log to find the proper changesets to compare
3. git diff --unified=15 6c2fb89bbf65762779fe800714dde579298f7eb9 07a683505d4a0a1113c4085c1ce117425d0afd80 > pick-up-fixes-from-rhel-6.3.patch.

Comment 7 Bob Relyea 2012-08-27 22:06:35 UTC
Comment on attachment 603698
changes to spec file to rebase pem

r+

Comment 8 Bob Relyea 2012-08-27 22:34:31 UTC
-- Additional comment from rrelyea on 2012-06-01 15:18:10 EDT ---

OK, I've convinced myself that this particular usage is using malloc/free (in the midst of a large number of nss_ZNew/nss_ZFree calls, including the call that allocates the array which we are storing the point in itself).

Anyway the free call is in pobject.c (right before we nss_ZFree the array). There are also places in pinst.c where we get access to this data, but there we just leak it!

The AddObjectIf was my mistake. It deals with the uninitialized reference (which is what the second part of the patch fixes).

Anyway Kamil's patch is fine for now. I *REALLY* would like the memory management issues I brought up upstream fixed in this module. It's one of the primary reasons the model has not been accepted upstream yet.


bob
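
The defect class in this bug's title, as an added illustration (not nss-pem code and not written by any commenter): a slot is added to an object array, loading fails before its heap-allocated member is assigned, and cleanup then frees whatever bytes the slot held. All names (`entry`, `table_add_slot`, `label_free`) are hypothetical; `label_free` is a counting stand-in for `free()` and the 0xA5 fill is a constructed substitute for stale heap contents.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical table: the array and each label are separate allocations. */
struct entry { char *label; };
struct table { struct entry *items; size_t count; };
static int bad_frees;            /* frees of pointers malloc never returned */
static char *issued[8]; static size_t n_issued;

static char *label_alloc(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); issued[n_issued++] = p; }
    return p;
}

/* Stand-in for free(): counts, instead of freeing, unknown pointers. */
static void label_free(char *p) {
    if (!p) return;
    for (size_t i = 0; i < n_issued; i++)
        if (issued[i] == p) { issued[i] = issued[--n_issued]; free(p); return; }
    bad_frees++;
}

/* Grow by one slot; zero_slot == 0 leaves stale bytes (fixed 0xA5 poison). */
static struct entry *table_add_slot(struct table *t, int zero_slot) {
    struct entry *n = realloc(t->items, (t->count + 1) * sizeof *n);
    if (!n) return NULL;
    t->items = n;
    memset(&n[t->count], zero_slot ? 0 : 0xA5, sizeof *n);
    return &n[t->count++];
}

static void table_destroy(struct table *t) {
    for (size_t i = 0; i < t->count; i++) label_free(t->items[i].label);
    free(t->items);
}

/* Second object fails before its label is set; returns invalid frees seen. */
int run_scenario(int zero_slot) {
    struct table t = {0};
    bad_frees = 0; n_issued = 0;
    struct entry *e = table_add_slot(&t, zero_slot);
    if (e) e->label = label_alloc("cert-0");
    (void)table_add_slot(&t, zero_slot);
    table_destroy(&t);
    return bad_frees;
}

int main(void) { return (run_scenario(0) == 1 && run_scenario(1) == 0) ? 0 : 1; }
```

With a real `free()` in place of the stand-in, the unzeroed case hands the allocator an arbitrary address; zeroing each slot at creation makes the cleanup path safe regardless of where loading stopped.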

Comment 9 Bob Relyea 2012-08-27 22:34:57 UTC
Comment on attachment 604040
The fixes since the last tar ball - Kamil's fixes

r+ reluctant. The patch works, but the whole structure needs to be reworked. See my previous comment from the RHEL bug replicated above.

Comment 10 Kamil Dudka 2012-08-28 11:25:22 UTC
Comment on attachment 603698
changes to spec file to rebase pem

r+

Comment 11 Kamil Dudka 2012-08-28 11:25:25 UTC
Comment on attachment 604040
The fixes since the last tar ball - Kamil's fixes

r+

Comment 12 Fedora Update System 2012-09-29 19:08:30 UTC
nss-3.13.5-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/nss-3.13.5-3.fc17

Comment 13 Fedora Update System 2012-09-29 19:11:22 UTC
nss-3.13.5-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nss-3.13.5-2.fc16

Comment 14 Fedora Update System 2012-09-30 02:27:20 UTC
Package nss-3.13.5-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-3.13.5-2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16
then log in and leave karma (feedback).

Comment 15 Fedora Update System 2013-01-03 22:27:18 UTC
nss-3.14.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc17

Comment 16 Fedora Update System 2013-01-03 22:27:39 UTC
nss-3.14.1-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc18

Comment 17 Fedora Update System 2013-01-03 22:27:57 UTC
nss-3.14.1-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc16

Comment 18 Fedora Update System 2013-01-12 00:44:08 UTC
nss-3.14.1-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2013-01-12 15:03:50 UTC
nss-3.14.1-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2013-01-12 15:22:53 UTC
nss-3.14.1-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

