Closed
Bug 235617
Opened 21 years ago
Closed 21 years ago
CERT_DecodeTrustString crashes if either input arg is NULL
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
Details
Attachments
(1 file)
|
877 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
This bug is shown by the same test program used in bug 39495.
Patch forthcoming.
|
Assignee | |
Comment 1•21 years ago
|
||
This patch detects NULL pointers and returns error SEC_ERROR_INVALID_ARGS, but
it still initializes the trust flags to zero, if it can.
|
|
Assignee | |
Updated•21 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Updated•21 years ago
|
Attachment #142268 -
Flags: review?(wchang0222)
|
||
Comment 2•21 years ago
|
||
Comment on attachment 142268 [details] [diff] [review]
patch v1
r=wtc.
Can we test for both a null 'trust' and a null 'trusts'
at the beginning of the function, before we start to
set trust->xxxFlags to 0? That is:
+ if (!trust || !trusts) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
trust->sslFlags = 0;
trust->emailFlags = 0;
trust->objectSigningFlags = 0;
Attachment #142268 -
Flags: review?(wchang0222) → review+
|
|
||
Comment 3•21 years ago
|
||
Comment on attachment 142268 [details] [diff] [review]
patch v1
OK, I saw that you did that intentionally.
My previous comment showed that the new code
will be prone to mistakes by a future maintainer.
I expect that a function has no side effect if
it fails. If that's not the case, I guess we
can document it...
|
|
Assignee | |
Comment 4•21 years ago
|
||
I coded it this way so that the trust flags would get initialized, even
if nothing else happened.
/cvsroot/mozilla/security/nss/lib/certdb/certdb.c,v <-- certdb.c
new revision: 1.64; previous revision: 1.63
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•