Closed
Bug 353739
Opened 18 years ago
Closed 18 years ago
Klocwork Null ptr dereferences in instance.c
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: nelson, Assigned: alvolkov.bgs)
Details
(Keywords: klocwork)
Attachments
(1 file, 1 obsolete file)
2.77 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Klocwork ID 92337 File nss/lib/ckfw/instance.c Function nssCKFWInstance_DestroySessionHandle Pointer 'fwSession' returned from call to function 'nssCKFWHash_Lookup' at line 671 may be NULL and will be dereferenced by passing argument 1 to function 'nssCKFWSession_SetHandle' at line 675. Klocwork ID 92338 File nss/lib/ckfw/instance.c Function nssCKFWInstance_ReassignObjectHandle Pointer 'oldObject' returned from call to function 'nssCKFWHash_Lookup' at line 816 may be NULL and will be dereferenced by passing argument 1 to function 'nssCKFWObject_SetHandle' at line 819. Klocwork ID 92339 File nss/lib/ckfw/instance.c Function nssCKFWInstance_DestroyObjectHandle Pointer 'fwObject' returned from call to function 'nssCKFWHash_Lookup' at line 857 may be NULL and will be dereferenced by passing argument 1 to function 'nssCKFWObject_SetHandle' at line 861.
Reporter | ||
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12
Assignee | ||
Comment 1•18 years ago
|
||
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241206 -
Flags: review?(nelson)
Reporter | ||
Comment 2•18 years ago
|
||
Comment on attachment 241206 [details] [diff] [review] check pointer value returned by nssCKFWHash_Lookup This change appears in two places: > fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( > fwInstance->sessionHandleHash, (const void *)hSession); >- >+ if (!fwSession) { >+ (void)nssCKFWMutex_Unlock(fwInstance->mutex); >+ return; >+ } >+ > nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); > nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); > > (void)nssCKFWMutex_Unlock(fwInstance->mutex); > > return; In both places, I'd rather see > fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( > fwInstance->sessionHandleHash, (const void *)hSession); >- >- nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); >- nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); >+ if (fwSession) { >+ nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); >+ nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); >+ } > > (void)nssCKFWMutex_Unlock(fwInstance->mutex); > > return;
Attachment #241206 -
Flags: review?(nelson) → review-
Assignee | ||
Comment 3•18 years ago
|
||
Attachment #241206 -
Attachment is obsolete: true
Attachment #241214 -
Flags: review?(nelson)
Reporter | ||
Comment 4•18 years ago
|
||
Comment on attachment 241214 [details] [diff] [review] fix as suggested r=nelson for trunk
Attachment #241214 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 5•18 years ago
|
||
/cvsroot/mozilla/security/nss/lib/ckfw/instance.c,v <-- instance.c new revision: 1.11; previous revision: 1.10
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•