BUG: Curl_nss_md5sum/Curl_nss_sha256sum doesn't check context value #5302
Comments
I wish NSS was documented so we could actually read how |
|
bagder
added a commit
that referenced
this issue
Apr 27, 2020
... to avoid crashes! Reported-by: Hao Wu Fixes #5302
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Curl_nss_md5sum/Curl_nss_sha256sum doesn't check the context pointer, which may be NULL.
Passing NULL pointer to
PK11_DigestOp()
will cause SIGSEGV if the input data is not empty.The following code is from the master branch of nss
I expected the following
curl/libcurl version
master branch. Maybe other branches also have this bug.
The text was updated successfully, but these errors were encountered: