Bug 103893 - nickname is not NULL-terminated
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: 3.3
Platform: All All
Importance: P2 minor
Target Milestone: 3.3.2
Assigned To: Jamie Nicolson
QA Contact: Sonja Mirtitsch
Reported: 2001-10-09 12:19 PDT by Jamie Nicolson
Modified: 2001-12-12 17:40 PST

Attachments
proposed patch to pkcs11.c (756 bytes, patch)
2001-10-09 13:54 PDT, Jamie Nicolson
wtc: review+

Description Jamie Nicolson 2001-10-09 12:19:22 PDT
This code at pkcs11.c:656, in pk11_handleCertObject, doesn't properly
NULL-terminate the copied nickname string.

    cert->nickname = (char *)PORT_ArenaAlloc(cert->arena, PORT_Strlen(label)+1);
    if(cert->nickname == NULL) {
        return CKR_HOST_MEMORY;
    }
    PORT_Memcpy(cert->nickname, label, PORT_Strlen(label));

This doesn't cause any problems in the code path I witnessed, but it did cause
some confusion during debugging.
Comment 1 Wan-Teh Chang 2001-10-09 13:28:47 PDT
That whole thing can be replaced by a PORT_ArenaStrdup call:
    cert->nickname = PORT_ArenaStrdup(cert->arena, label);

Could you take care of that?  Do you think this fix should
also be checked in on the NSS_3_3_BRANCH? 
Comment 2 Jamie Nicolson 2001-10-09 13:54:05 PDT
Created attachment 52769
proposed patch to pkcs11.c
Comment 3 Jamie Nicolson 2001-10-09 13:56:36 PDT
OK, checked in on the NSS_3_3_BRANCH and the trunk.

/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision: 1.8.2.3; previous revision: 1.8.2.2

/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision: 1.17; previous revision: 1.16
Comment 4 Robert Relyea 2001-10-09 15:10:11 PDT
Looks good.
r=relyea
Comment 5 Wan-Teh Chang 2001-12-12 17:40:48 PST
Changed target milestone to 3.3.2 because the fix is in
3.3.2.
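
The copy pattern from the description next to a strdup-style copy, as an added example that is not part of the original bug report or of NSS. The toy_arena type and all function names are hypothetical; the arena is assumed not to zero the memory it returns, and the 'X' fill and the label "My Cert" are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Toy bump allocator standing in for an arena (hypothetical, not NSS code).
   Assumption: like the real allocator, it does not zero what it hands out. */
typedef struct { unsigned char buf[64]; size_t used; } toy_arena;

static void toy_arena_init(toy_arena *a) {
    memset(a->buf, 'X', sizeof a->buf);  /* constructed stale bytes */
    a->used = 0;
}

static void *toy_arena_alloc(toy_arena *a, size_t n) {
    if (n > sizeof a->buf - a->used) return NULL;
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}

/* Pattern from the report: space for the NUL is reserved but never written. */
static char *copy_label_buggy(toy_arena *a, const char *label) {
    char *nick = toy_arena_alloc(a, strlen(label) + 1);
    if (nick == NULL) return NULL;
    memcpy(nick, label, strlen(label));
    return nick;
}

/* strdup-style copy: copying strlen+1 bytes carries the NUL along. */
static char *copy_label_fixed(toy_arena *a, const char *label) {
    size_t n = strlen(label) + 1;
    char *nick = toy_arena_alloc(a, n);
    if (nick != NULL) memcpy(nick, label, n);
    return nick;
}

/* Length a string routine would see, bounded by the end of the arena. */
static size_t visible_len(const toy_arena *a, const char *nick) {
    size_t max = (size_t)((const char *)a->buf + sizeof a->buf - nick);
    const char *end = memchr(nick, '\0', max);
    return end ? (size_t)(end - nick) : max;
}

int main(void) {
    toy_arena a;
    toy_arena_init(&a);
    char *bad = copy_label_buggy(&a, "My Cert");    /* constructed label */
    char *good = copy_label_fixed(&a, "My Cert");
    printf("buggy: %zu, fixed: %zu\n", visible_len(&a, bad), visible_len(&a, good));
    return 0;
}
```

Whether the unterminated copy causes visible trouble depends on what the arena happens to hold after the label, which is consistent with the reporter seeing no failure on the path observed.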