Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Curl_nss_md5sum/Curl_nss_sha256sum doesn't check the context pointer, which may be NULL. Passing NULL pointer to PK11_DigestOp() will cause SIGSEGV if the input data is not empty.
PK11_DigestOp()
static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ size_t md5len) { PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5); unsigned int MD5out; PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen)); PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len)); PK11_DestroyContext(MD5pw, PR_TRUE); return CURLE_OK; } static CURLcode Curl_nss_sha256sum(const unsigned char *tmp, /* input */ size_t tmplen, unsigned char *sha256sum, /* output */ size_t sha256len) { PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256); unsigned int SHA256out; PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)); PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len)); PK11_DestroyContext(SHA256pw, PR_TRUE); return CURLE_OK; }
The following code is from the master branch of nss
SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in, unsigned inLen) { CK_RV crv = CKR_OK; SECStatus rv = SECSuccess; if (inLen == 0) { return SECSuccess; } if (!in) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } /* if we ran out of session, we need to restore our previously stored * state. */ context->init = PR_FALSE; ... ...
master branch. Maybe other branches also have this bug.
The text was updated successfully, but these errors were encountered:
I wish NSS was documented so we could actually read how PK11_CreateDigestContext() is supposed to behave...
PK11_CreateDigestContext()
Sorry, something went wrong.
PK11_CreateDigestContext will return NULL in case there is no slot/module for the requested algorithm.
PK11_CreateDigestContext
NULL
nss: check for PK11_CreateDigestContext() returning NULL
bd9ddf8
... to avoid crashes! Reported-by: Hao Wu Fixes #5302
cad15b9
Successfully merging a pull request may close this issue.
Curl_nss_md5sum/Curl_nss_sha256sum doesn't check the context pointer, which may be NULL.
Passing NULL pointer to
PK11_DigestOp()
will cause SIGSEGV if the input data is not empty.The following code is from the master branch of nss
I expected the following
curl/libcurl version
master branch. Maybe other branches also have this bug.
The text was updated successfully, but these errors were encountered: