Closed
Bug 1136301
Opened 9 years ago
Closed 9 years ago
if a nsIX509Cert / nsNSSCertificate is temporary, mCert->slot will be null, and this should be checked
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla41
Tracking | Status | |
---|---|---|
firefox41 | --- | fixed |
People
(Reporter: keeler, Assigned: AtKr2, Mentored)
Details
(Whiteboard: [good-first-bug][lang=c++])
Attachments
(1 file, 3 obsolete files)
1.89 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
Code in nsNSSCertificate will pass mCert->slot to NSS functions (e.g. PK11_NeedLogin, etc.) that do not validate their input (i.e. check if slot is null). It appears that temporary CERTCertificates have a null slot (which makes sense). PSM needs to check for and handle these cases.
Reporter | ||
Updated•9 years ago
|
Mentor: dkeeler
Whiteboard: [good-first-bug][lang=c++]
Assignee | ||
Comment 1•9 years ago
|
||
Can someone assign this bug to me? This will be my first bug.
Comment 2•9 years ago
|
||
Hi Atul, I've assigned the bug to you. If you need any help with the bug, feel free to ask and choose the "mentor" option from the "Need more information from" drop down below the comment box. Have fun!
Assignee: nobody → atkr.oss
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•9 years ago
|
||
As discussed with dkeeler on mail, I ran xpcshell tests for this patch from /secuity/manager/ssl/tests/unit after making changes. Summary of test run on 'Windows 8.1 64 bit' is as follows Ran 72 tests Expected results: 70 Unexpected results: 0 Skipped: 2 Two functions were touched - private void nsNSSCertificate::destructorSafeDestroyNSSReference() public nsresult nsNSSCertificate::MarkForPermDeletion() Below function is already checking for it NS_IMETHODIMP nsNSSCertificate::GetTokenName(nsAString& aTokenName)
Flags: needinfo?(dkeeler)
Attachment #8616045 -
Flags: review?(dkeeler)
Reporter | ||
Comment 4•9 years ago
|
||
Comment on attachment 8616045 [details] [diff] [review] null check for mCert->slot added in destructorSafeDestroyNSSReference & MarkForPermDeletion Review of attachment 8616045 [details] [diff] [review]: ----------------------------------------------------------------- This is great! Functionally, the patch is perfect. However, this file sometimes uses an outdated code style that we should update in the places we're already modifying. r=me with those changes made. ::: security/manager/ssl/nsNSSCertificate.cpp @@ +224,5 @@ > > // make sure user is logged in to the token > nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext(); > > + if (mCert->slot nit: there's a trailing space on this line we should delete. Also, while you did a perfect job of matching the existing style, the current style guidelines say to have && at the end of lines rather than the beginning. Additionally, I bet we can squeeze some of these statements onto the same line and still be under 80 characters, so this should probably look more like this: if (mCert->slot && PK11_NeedLogin(mCert->slot) && !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) { (note the opening { being on the same line as well)
Attachment #8616045 -
Flags: review?(dkeeler) → review+
Reporter | ||
Comment 5•9 years ago
|
||
Also, remember to set the user field in your commit (hg commit --user "name <email>" or specify a default in your .hgrc).
Flags: needinfo?(dkeeler)
Assignee | ||
Comment 6•9 years ago
|
||
Improved formatting as asked in review. Additionally updated formatting for the next line in function MarkForPermDeletion by bringing '{' to same line of the if statement. Ran the tests again and same result.
Attachment #8616045 -
Attachment is obsolete: true
Attachment #8616463 -
Flags: review?(dkeeler)
Reporter | ||
Comment 7•9 years ago
|
||
Comment on attachment 8616463 [details] [diff] [review] 1136301-mCertSlotNullCheck.patch Review of attachment 8616463 [details] [diff] [review]: ----------------------------------------------------------------- Looks great - just a minor alignment nit. Also, for the r=whoever in the commit message, we usually use IRC nicknames, so go ahead and use r=keeler for that. ::: security/manager/ssl/nsNSSCertificate.cpp @@ +225,5 @@ > // make sure user is logged in to the token > nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext(); > > + if (mCert->slot && PK11_NeedLogin(mCert->slot) && > + !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) { nit: the first '!' in this line should line up with the first 'm' in the previous line.
Attachment #8616463 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 8•9 years ago
|
||
As requested, changed r=reviewer to reflect IRC nick and aligned the multi-line if statement.
Attachment #8616463 -
Attachment is obsolete: true
Attachment #8616839 -
Flags: review?(dkeeler)
Reporter | ||
Comment 9•9 years ago
|
||
Comment on attachment 8616839 [details] [diff] [review] 1136301-mCertSlotNullCheck.patch Review of attachment 8616839 [details] [diff] [review]: ----------------------------------------------------------------- One minor clarification, but otherwise looks good. ::: security/manager/ssl/nsNSSCertificate.cpp @@ +226,5 @@ > nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext(); > > + if (mCert->slot && PK11_NeedLogin(mCert->slot) && > + !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) { > + if (SECSuccess != PK11_Authenticate(mCert->slot, true, ctx)) { Sorry - I wasn't clear. This if statement should still only be indented two spaces from the level of the previous if.
Attachment #8616839 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 10•9 years ago
|
||
Made changes as suggested.
Attachment #8616839 -
Attachment is obsolete: true
Attachment #8617325 -
Flags: review?(dkeeler)
Reporter | ||
Comment 11•9 years ago
|
||
Comment on attachment 8617325 [details] [diff] [review] 1136301-mCertSlotNullCheck.patch Review of attachment 8617325 [details] [diff] [review]: ----------------------------------------------------------------- Perfect!
Attachment #8617325 -
Flags: review?(dkeeler) → review+
https://hg.mozilla.org/mozilla-central/rev/fcfdee109765
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
You need to log in
before you can comment on or make changes to this bug.
Description
•