The simplest way to pick up this fix in Fedora is to update the nss-pem sources to the upstream ones in the Fedora-hosted nss-pem, which has the fix applied.
Created attachment 603698: changes to spec file to rebase pem
With this upgrade we pick up the following two bug fixes from rhel-6.3:
rhbz#847460 - Fix invalid read and free on invalid cert load
rhbz#847462 - PEM module may attempt to free uninitialized pointer
Comment on attachment 603698: changes to spec file to rebase pem
The changes in the spec file are simple and don't reveal much as it's merely picking up a new source tar ball. The best way to check is to compare the pem source directory against the one in rhel-6.3 after all patches have been applied on each side. The only difference should be in pinst.c, where the code to handle informing the caller that the pem module isn't thread safe is cleaner in fedora than in rhel6, but otherwise they accomplish the same thing. You will notice other differences in build related files. Some things we do on fedora we aren't ready yet to bring to rhel 6. They will be on rhel-7.
By the way, same changes as for Bug 847460.
Created attachment 604040: The fixes since the last tar ball - Kamil's fixes
This diff shows only what's been brought in, omitting distracting changes from that extra build related patch in fedora. I constructed the attached diff as follows:
1. git clone ssh://YOURNAME.org/git/nss-pem.git
2. Did a git log to find the proper changesets to compare
3. git diff --unified=15 6c2fb89bbf65762779fe800714dde579298f7eb9 07a683505d4a0a1113c4085c1ce117425d0afd80 > pick-up-fixes-from-rhel-6.3.patch.
Comment on attachment 603698: changes to spec file to rebase pem
r+
--- Additional comment from rrelyea on 2012-06-01 15:18:10 EDT ---
OK, I've convinced myself that this particular usage is using malloc/free (in the midst of a large number of nss_ZNew/nss_ZFree calls, including the call that allocates the array which we are storing the point in itself). Anyway, the free call is in pobject.c (right before we nss_ZFree the array). There are also places in pinst.c where we get access to this data, but there we just leak it! The AddObjectIf was my mistake. It deals with the uninitialized reference (which is what the second part of the patch fixes). Anyway, Kamil's patch is fine for now. I *REALLY* would like the memory management issues I brought up upstream fixed in this module. It's one of the primary reasons the model has not been accepted upstream yet.
bob
Comment on attachment 604040: The fixes since the last tar ball - Kamil's fixes
r+ reluctant. The patch works, but the whole structure needs to be reworked. See my previous comment from the RHEL bug replicated above.
Comment on attachment 604040: The fixes since the last tar ball - Kamil's fixes
r+
nss-3.13.5-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/nss-3.13.5-3.fc17
nss-3.13.5-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/nss-3.13.5-2.fc16
Package nss-3.13.5-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-3.13.5-2.fc16'
as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15090/nss-3.13.5-2.fc16 then log in and leave karma (feedback).
nss-3.14.1-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc17
nss-3.14.1-3.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc18
nss-3.14.1-3.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/nss-3.14.1-3.fc16
nss-3.14.1-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.14.1-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.14.1-3.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.