Closed Bug 353763 Opened 18 years ago Closed 18 years ago

klocwork Null ptr dereferences in pk11cert.c

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: alvolkov.bgs)

Details

(Keywords: klocwork)

Attachments

(1 file)

fix
6.40 KB, patch
nelson
: review+
Details | Diff | Splinter Review 
All these klocwork IDs are in 
File nss/lib/pk11wrap/pk11cert.c

Klocwork ID 88363
Function PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.

741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			             CERT_SortCBValidity, &now);
ID:       92197
Function: PK11_FindCertFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 543

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 543 before NULL check at line 633
(Should be a null check between lines 542 and 543)

542	    nickCopy = PORT_Strdup(nickname); 
543	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       92198
Function: PK11_FindCertsFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 654

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 654 before NULL check at line 678
(Should be a null check between lines 653 and 654)

653	    nickCopy = PORT_Strdup(nickname); 
654	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       88363
Location: nss/lib/pk11wrap/pk11cert.c : 745
Function: PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.


741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			CERT_SortCBValidity, &now); 

----

ID:       92199
Function: PK11_ImportCert
Location: nss/lib/pk11wrap/pk11cert.c : 840

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 837 may be NULL and will be dereferenced at line 840.

834	    if (cert->nssCertificate) { 
835		c = cert->nssCertificate; 
836	    } else { 
837		c = STAN_GetNSSCertificate(cert); 
838	    } 
840	    if (c->object.cryptoContext) { 

----

ID:       88377
Function: PK11_NumberCertsForCertSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1675

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1669 may be NULL and will be dereferenced at line 1675.

1669	PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1670							PR_FALSE,PR_TRUE,NULL); 
1671	PK11SlotListElement *le; 
1675	for (le = list->head; le; le = le->next) { 

----- 

ID:       88391
Function: PK11_TraverseCertsForSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1701

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1696 may be NULL and will be dereferenced at line 1701.

1696		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1697						PR_FALSE,PR_TRUE,NULL); 
1698		PK11SlotListElement *le; 
1701		for (le = list->head; le; le = le->next) { 

------

ID:       88382
Function: PK11_FindBestKEAMatch
Location: nss/lib/pk11wrap/pk11cert.c : 2141

Pointer 'keaList' returned from call to function 'PK11_GetAllTokens' at 
line 2134 may be NULL and will be dereferenced at line 2141.

2134	    PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE, 
2135						PR_FALSE,PR_TRUE,wincx); 
2136	    PK11SlotListElement *le; 
2141	    for (le = keaList->head; le; le = le->next) { 

----

ID:       92200
Function: listCertsCallback
Location: nss/lib/pk11wrap/pk11cert.c : 2412

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 2410 may be NULL and will be dereferenced at line 2412.

2410	    NSSCertificate *c = STAN_GetNSSCertificate(cert); 
2411	 
2412	    instances = nssPKIObject_GetInstances(&c->object);
Priority: -- → P2
Target Milestone: --- → 3.12
Attached patch fixSplinter Review 
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED

        Attachment #243544 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 243544 [details] [diff] [review]
fix

r=nelson

        Attachment #243544 -
        Flags: review?(nelson) → review+

    
    

    
  
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11cert.c,v  <--  pk11cert.c
new revision: 1.155; previous revision: 1.154

Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: