135818 - Internal slot reference leaks in lib/pk11wrap/pk11slot.c

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P1)

Description

[Wan-Teh Chang]

1. PK11_VerifySlotMechanisms() calls PK11_GetInternalSlot() and
that slot reference is not freed on this error path:

1568     /* don't blow up just because the card supports more mechanisms than
1569      * we know about, just alloc space for them */
1570     if (count > MAX_MECH_LIST_SIZE) {
1571         mechList = (CK_MECHANISM_TYPE *)
1572                             PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));
1573         alloced = PR_TRUE;
1574         if (mechList == NULL) return PR_FALSE;
1575     }

2. PK11_InitToken() calls PK11_GetInternalSlot() and does not
free that slot reference.

3. PK11_MapPBEMechanismToCryptoMechanism() calls PK11_GetInternalSlot()
but does not free that slot reference.

Comment 1

[Wan-Teh Chang]

Changed the QA contact to Bishakha.

Comment 2

[Wan-Teh Chang]

Attachment: Proposed patch for leaks #1 and #2

Bob fixed the third leak (in PK11_MapPBEMechanismToCryptoMechanism())
in rev. 1.36 of pk11slot.c.

This patch fixes the first two leaks.  Bob, please review.  Thanks.

Comment 3

[Wan-Teh Chang]

Assigned the bug to Bob.

Comment 4

[Robert Relyea]

Comment on attachment 82963 [details] [diff] [review]
Proposed patch for leaks #1 and #2

Both cases look good

Comment 5

[Wan-Teh Chang]

Fix checked into the tip of NSS.

Comment 6

[Jaime Rodriguez, Jr.]

adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in
asap. thanks!