Bug 103893 - nickname is not NULL-terminated
Product: NSS
Classification: Components
Component: Libraries
: 3.3
: All All
P2 minor
: 3.3.2
Assigned To: Jamie Nicolson
: Sonja Mirtitsch
Reported: 2001-10-09 12:19 PDT by Jamie Nicolson
Modified: 2001-12-12 17:40 PST

proposed patch to pkcs11.c (756 bytes, patch)
2001-10-09 13:54 PDT, Jamie Nicolson
wtc: review+

Description Jamie Nicolson 2001-10-09 12:19:22 PDT
This code at pkcs11.c:656, in pk11_handleCertObject, doesn't properly
NULL-terminate the copied nickname string.

    cert->nickname = (char *)PORT_ArenaAlloc(cert->arena, PORT_Strlen(label)+1);
    if(cert->nickname == NULL) {
        return CKR_HOST_MEMORY;
    }
    /* copies PORT_Strlen(label) bytes only; the terminating NUL is never written */
    PORT_Memcpy(cert->nickname, label, PORT_Strlen(label));

This doesn't cause any problems in the code path I witnessed, but it did cause
some confusion during debugging.
Comment 1 Wan-Teh Chang 2001-10-09 13:28:47 PDT
That whole thing can be replaced by a PORT_ArenaStrdup call:
    cert->nickname = PORT_ArenaStrdup(cert->arena, label);

Could you take care of that?  Do you think this fix should
also be checked in on the NSS_3_3_BRANCH? 
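
Added example, not part of the bug report or of NSS: a self-contained C sketch of the copy pattern from the description next to a strdup-style copy like the one suggested in comment 1. The Arena type, its helper functions and the sample label are hypothetical stand-ins, and the arena is assumed not to zero the memory it hands out (modelled here by a 0xAA fill).

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical bump arena standing in for the NSS arena; not NSS code.
 * Pre-filled with 0xAA to model an allocator that does not zero memory. */
typedef struct { unsigned char buf[64]; size_t used; } Arena;

static void arena_init(Arena *a) { memset(a->buf, 0xAA, sizeof a->buf); a->used = 0; }

static void *arena_alloc(Arena *a, size_t n) {
    if (n > sizeof a->buf - a->used) return NULL;
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}

/* Pattern from the report: room for the terminator is allocated, but only
 * strlen(label) bytes are copied, so the final byte keeps its stale value. */
static char *copy_nickname_unterminated(Arena *a, const char *label) {
    char *nick = arena_alloc(a, strlen(label) + 1);
    if (nick == NULL) return NULL;
    memcpy(nick, label, strlen(label));
    return nick;
}

/* strdup-style copy: length + 1 bytes, so the terminator travels with the string. */
static char *copy_nickname_strdup(Arena *a, const char *label) {
    size_t n = strlen(label) + 1;
    char *nick = arena_alloc(a, n);
    if (nick == NULL) return NULL;
    memcpy(nick, label, n);
    return nick;
}

/* Bounded check: is there a NUL within the n bytes that were allocated? */
static int is_terminated(const char *s, size_t n) { return memchr(s, '\0', n) != NULL; }

/* Returns 1 when the first copy lacks a NUL and the strdup-style copy has one. */
static int demo(void) {
    const char *label = "Constructed Cert Nickname"; /* constructed sample input */
    size_t n = strlen(label) + 1;
    Arena a;
    arena_init(&a);
    char *bad = copy_nickname_unterminated(&a, label);
    char *good = copy_nickname_strdup(&a, label);
    if (bad == NULL || good == NULL) return -1;
    return !is_terminated(bad, n) && is_terminated(good, n) && strcmp(good, label) == 0;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The check uses memchr bounded by the allocation size, so the unterminated buffer is never read past its end.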
Comment 2 Jamie Nicolson 2001-10-09 13:54:05 PDT
Created attachment 52769
proposed patch to pkcs11.c
Comment 3 Jamie Nicolson 2001-10-09 13:56:36 PDT
OK, checked in on the NSS_3_3_BRANCH and the trunk.

/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision:; previous revision:

/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision: 1.17; previous revision: 1.16
Comment 4 Robert Relyea 2001-10-09 15:10:11 PDT
Looks good.
Comment 5 Wan-Teh Chang 2001-12-12 17:40:48 PST
Changed target milestone to 3.3.2 because the fix is in
