fix allocation in pkix_pl_CrlDp_Create

RESOLVED FIXED in 3.16.4

Status

NSS
Libraries
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: Sachin Kumar Gupta, Unassigned, Mentored)

Tracking

3.16.3
3.16.4
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
Created attachment 8465958 [details] [diff] [review]
Proposed Patch.

Error: "PORT_ArenaZNew" is a function whose sole duty is to assign memory to its first argument equivalent to "sizeof(2nd argument)".

Here rdnArena is a pointer to a structure which should be allocated memory equivalent to "sizeof(CERTName)"; however, in the current NSS 3.16.3 version it is sizeof(CERTName*), which is the size of a pointer.


NSS 3.16.3 Version code:

       issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName*);

 

Recommended Code:

       issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
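
The size mismatch described in this report, reproduced as an added example that is not NSS code and not part of the bug thread. `DemoName`, `demo_zalloc` and the `DEMO_ZNEW*` macros are hypothetical stand-ins for `CERTName` and `PORT_ArenaZNew`; the last macro takes its size from the destination pointer, so the type cannot be misnamed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for a multi-field struct such as CERTName (fields hypothetical). */
typedef struct DemoName {
    void *arena;
    void **rdns;
    size_t count;
} DemoName;

static size_t last_request; /* size of the most recent allocation request */

/* Hypothetical zeroing allocator that records the requested size. */
static void *demo_zalloc(size_t size)
{
    last_request = size;
    return calloc(1, size);
}

/* Type-taking macro in the style of PORT_ArenaZNew(arena, type). */
#define DEMO_ZNEW(type) ((type *)demo_zalloc(sizeof(type)))
/* Hardened form: the size is derived from the destination pointer itself. */
#define DEMO_ZNEW_FOR(ptr) ((ptr) = demo_zalloc(sizeof(*(ptr))))

/* Pattern of the 3.16.3 line: a pointer type is passed and the cast hides it. */
size_t request_with_pointer_type(void)
{
    DemoName *copy = (DemoName *)DEMO_ZNEW(DemoName *);
    free(copy);
    return last_request;
}

/* Pattern of the recommended line: the structure type is passed. */
size_t request_with_struct_type(void)
{
    DemoName *copy = DEMO_ZNEW(DemoName);
    free(copy);
    return last_request;
}

/* Destination-derived size always matches the pointee type. */
size_t request_from_destination(void)
{
    DemoName *copy = NULL;
    DEMO_ZNEW_FOR(copy);
    free(copy);
    return last_request;
}
```
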
(Reporter)

Updated

4 years ago
Attachment #8465958 - Flags: review?(kaie)

Updated

4 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 1

4 years ago
Comment on attachment 8465958 [details] [diff] [review]
Proposed Patch.

r=kaie - thanks for the patch!
Attachment #8465958 - Flags: review?(kaie) → review+

Updated

4 years ago
Summary: In file "nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c" function "pkix_pl_CrlDp_Create" on line 125, the amount of memory being allocated to rdnArena is that of a pointer (sizeof(Certname*)) → fix allocation in pkix_pl_CrlDp_Create

Comment 2

4 years ago
https://hg.mozilla.org/projects/nss/rev/11fcf4476c5f
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.17

Comment 3

4 years ago
Comment on attachment 8465958 [details] [diff] [review]
Proposed Patch.

Review of attachment 8465958 [details] [diff] [review]:
-----------------------------------------------------------------

r=wtc. I verified there is no other bug of this kind.

Kai, please check in this fix for NSS 3.16.4 also.
Attachment #8465958 - Flags: review+

Comment 4

4 years ago
for NSS 3.16.4:
https://hg.mozilla.org/projects/nss/rev/497022ada1ea
Target Milestone: 3.17 → 3.16.4

Updated

4 years ago
Blocks: 1048876