Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- static SECStatus
- ssl3_SendEncryptedExtensions(sslSocket *ss)
- {
- static const unsigned char P256_SPKI_PREFIX[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
- 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
- 0x42, 0x00, 0x04
- };
- ....
- if (.... ||
- memcmp(spki->data, P256_SPKI_PREFIX,
- sizeof(P256_SPKI_PREFIX) != 0))
- {
- PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
- rv = SECFailure;
- goto loser;
- }
- ....
- }
- This is what should have been written here: memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX)) != 0)
- This suspicious code was found in nss project by PVS-Studio static code analyzer.
- Warning message is:
- V526 The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. ssl3con.c 10533
- PVS-Studio is a static analyzer for detecting bugs in the source code of applications written in C, C++, C++11, C++/CX. Site: http://www.viva64.com/en/pvs-studio/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement