Open Bug 711476 Opened 13 years ago Updated 6 months ago

Potential NULL pointer dereference in security/nss/cmd/checkcert/checkcert.c

Categories

(NSS :: Tools, defect, P5)

Product:
NSS
Component:
Tools
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

People

(Reporter: julia.lawall, Unassigned)

Details

User Agent: Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111115183158

Steps to reproduce:

The tool Coccinelle (http://coccinelle.lip6.fr) found the following code in the file security/nss/cmd/checkcert/checkcert.c in the function OurVerifyData.  The second argument of SECU_PrintAsHex in the else branch is dereferenced by SECU_PrintAsHex, which will cause a NULL pointer dereference.

        if ( oiddata ) {
            printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
	} else {
            SECU_PrintAsHex(stdout,
                            &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
        }
Component: General → Security
Product: Firefox → Core
QA Contact: general → toolkit
Assignee: nobody → nobody
Status: UNCONFIRMED → NEW
Component: Security → Tools
Ever confirmed: true
Product: Core → NSS
Version: 8 Branch → trunk
Severity: normal → S3
Severity: S3 → S4
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.