Closed
Bug 144309
Opened 22 years ago
Closed 22 years ago
STAN_GetCERTCertificate return value not checked
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
3.5
People
(Reporter: julien.pierre, Assigned: bugz)
References
Details
(Whiteboard: [adt2 RTM])
Attachments
(1 file, 1 obsolete file)
6.63 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
In many parts of stanpcertdb.c , the returned CERTCertificate pointer is not checked. It can be NULL, for example for newly-decoded certificates.
Reporter | ||
Updated•22 years ago
|
OS: Windows 2000 → All
Priority: -- → P2
Target Milestone: --- → 3.5
Reporter | ||
Comment 1•22 years ago
|
||
Assignee | ||
Comment 3•22 years ago
|
||
This patch expands on the last one, to find all places where return from STAN_GetCERTCertificate can return NULL. As Julien noted, that can occur if the encoding was somehow invalid, or if CERT_DecodeDERCertificate failed for some other reason. This patch is somewhat paranoid. The most important change is in pkibase.c, where cert_CreateObject returns NULL if STAN_GetCERTCertificate fails. At that point, even the NSSCertificate is destroyed, and it disappears from the system. So in reality, hitting failure cases anywhere else should not happen. But I decided to be strict anyway.
Assignee | ||
Updated•22 years ago
|
Attachment #83434 -
Attachment is obsolete: true
Comment 4•22 years ago
|
||
Comment on attachment 83794 [details] [diff] [review] handle NULL rv's from all STAN_GetCERTCertificate calls r=wtc.
Attachment #83794 -
Flags: review+
Assignee | ||
Comment 5•22 years ago
|
||
checked into NSS_3_5_BRANCH and tip.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 6•22 years ago
|
||
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in asap. thanks!
Whiteboard: [adt2 RTM]
Updated•22 years ago
|
Comment 7•22 years ago
|
||
Verified in the latest branch code. The patch is intact.
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.1 → verified1.0.1
You need to log in
before you can comment on or make changes to this bug.
Description
•