Closed Bug 245943 Opened 20 years ago Closed 20 years ago

CERT_DestroyCertificate crashes on CMMF decoded cert

Categories

(NSS :: Libraries, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

References

Details

Attachments

(1 file)

As noted in bug 245941, the CMMF message decoder decodes certs into 
CERTCertificate structs that are otherwise unknown to NSS.  
When one calls CERT_DestroyCertificate to destroy one of them, 
it crashes, attempting to free a null arena pool.

The fix is for CERT_DestroyCertificate to check the arenapool pointer 
before trying to free it.  Maybe the function should also return an error
code, although it presently returns void.

Patch forthcoming.
Since this function is a void function, no point in setting an error code.
Comment on attachment 150316 [details] [diff] [review]
patch v1 - don't crash on NULL arena pointer

Julien, please review.
Attachment #150316 - Flags: review?(julien.pierre.bugs)
Attachment #150316 - Flags: review?(julien.pierre.bugs) → review+
Thanks for the quick review. 
Patch checked in.  

/cvsroot/mozilla/security/nss/lib/certdb/stanpcertdb.c,v  <--  stanpcertdb.c
new revision: 1.65; previous revision: 1.64

marking fixed.
Status: NEW → RESOLVED
Closed: 20 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: