Closed Bug 353739 Opened 18 years ago Closed 18 years ago

Klocwork Null ptr dereferences in instance.c

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: alvolkov.bgs)

Details

(Keywords: klocwork)

Attachments

(1 file, 1 obsolete file)

fix as suggested
2.77 KB, patch
nelson
: review+
Details | Diff | Splinter Review 
Klocwork ID 92337
File     nss/lib/ckfw/instance.c
Function nssCKFWInstance_DestroySessionHandle

Pointer 'fwSession' returned from call to function 'nssCKFWHash_Lookup' at 
line 671 may be NULL and will be dereferenced by passing argument 1 to 
function 'nssCKFWSession_SetHandle' at line 675.

Klocwork ID 92338
File     nss/lib/ckfw/instance.c
Function nssCKFWInstance_ReassignObjectHandle

Pointer 'oldObject' returned from call to function 'nssCKFWHash_Lookup' at 
line 816 may be NULL and will be dereferenced by passing argument 1 to 
function 'nssCKFWObject_SetHandle' at line 819.

Klocwork ID 92339
File     nss/lib/ckfw/instance.c
Function nssCKFWInstance_DestroyObjectHandle

Pointer 'fwObject' returned from call to function 'nssCKFWHash_Lookup' at 
line 857 may be NULL and will be dereferenced by passing argument 1 to 
function 'nssCKFWObject_SetHandle' at line 861.
Keywords: klocwork
Priority: -- → P2
Target Milestone: --- → 3.12
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED

        Attachment #241206 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 241206 [details] [diff] [review]
check pointer value returned by nssCKFWHash_Lookup

This change appears in two places:

>   fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
>                 fwInstance->sessionHandleHash, (const void *)hSession);
>-
>+  if (!fwSession) {
>+      (void)nssCKFWMutex_Unlock(fwInstance->mutex);
>+      return;
>+  }
>+      
>   nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
>   nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
> 
>   (void)nssCKFWMutex_Unlock(fwInstance->mutex);
> 
>   return;

In both places, I'd rather see

>   fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
>                 fwInstance->sessionHandleHash, (const void *)hSession);
>-
>-  nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
>-  nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
>+  if (fwSession) {
>+      nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
>+      nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
>+  }
> 
>   (void)nssCKFWMutex_Unlock(fwInstance->mutex);
> 
>   return;

        Attachment #241206 -
        Flags: review?(nelson) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        fix as suggestedSplinter Review
      

    


  

        Attachment #241206 -
        Attachment is obsolete: true

        Attachment #241214 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 241214 [details] [diff] [review]
fix as suggested

r=nelson for trunk

        Attachment #241214 -
        Flags: review?(nelson) → review+

    
    

    
  
/cvsroot/mozilla/security/nss/lib/ckfw/instance.c,v  <--  instance.c
new revision: 1.11; previous revision: 1.10

Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: