Avoid potential null-pointer dereferencing in nsNSSCertificateDB

RESOLVED FIXED in Firefox 41

Status: RESOLVED FIXED (severity: critical)
Reporter: mbugz, Assigned: mbugz
Keywords: crash, regression
Tracking: Trunk, mozilla41
Firefox Tracking Flags: firefox41 fixed
Attachments: 1 attachment

Description

4 years ago
Created attachment 8610010: Proposed patch

When nsIX509Cert2 and nsIX509Cert3 were merged into nsIX509Cert with bug 643041, two null-pointer checks got "lost", resulting in potential crashes (which is the reason for setting the severity to critical).

Triggering the issue from privileged chrome is straightforward (as both methods are scriptable): simply paste

Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB).deleteCertificate(null);

or

Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB).setCertTrust(null,0,0);

into the Web Console.
Attachment #8610010 - Flags: review?(dkeeler)
Flags: needinfo?(dkeeler)
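
Added example, not part of the original bug report or of Mozilla's patch: a self-contained C++ model of the kind of argument guard the report describes as lost, with a regression check for the two null calls shown above. `CertDB`, `Cert`, `Trust`, `Result` and `NullArgumentsAreRejected` are stand-in names assumed for this sketch, not the real nsNSSCertificateDB code.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Stand-in types for this sketch; none of these are Mozilla's real classes.
enum Result { OK, ERROR_INVALID_ARG, ERROR_NOT_FOUND };

struct Cert {  // plays the role of an nsIX509Cert object
  std::string fingerprint;
};

struct Trust {  // per-certificate trust record (constructed layout)
  uint32_t type;
  uint32_t trust;
};

class CertDB {  // plays the role of the certificate database service
 public:
  void Add(const Cert& aCert) { mEntries[aCert.fingerprint] = Trust{0, 0}; }
  bool Has(const Cert& aCert) const { return mEntries.count(aCert.fingerprint) != 0; }

  // Reachable from script, so aCert may be null: validate before dereferencing.
  Result DeleteCertificate(const Cert* aCert) {
    if (!aCert) return ERROR_INVALID_ARG;
    return mEntries.erase(aCert->fingerprint) ? OK : ERROR_NOT_FOUND;
  }

  Result SetCertTrust(const Cert* aCert, uint32_t aType, uint32_t aTrust) {
    if (!aCert) return ERROR_INVALID_ARG;
    auto it = mEntries.find(aCert->fingerprint);
    if (it == mEntries.end()) return ERROR_NOT_FOUND;
    it->second = Trust{aType, aTrust};
    return OK;
  }

 private:
  std::map<std::string, Trust> mEntries;
};

// Regression check: the two null calls from the report must fail cleanly
// and leave existing entries untouched.
bool NullArgumentsAreRejected() {
  CertDB db;
  Cert cert{"constructed-fingerprint"};  // constructed sample value
  db.Add(cert);
  return db.DeleteCertificate(nullptr) == ERROR_INVALID_ARG &&
         db.SetCertTrust(nullptr, 0, 0) == ERROR_INVALID_ARG &&
         db.Has(cert);
}
```
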
Comment on attachment 8610010: Proposed patch

Review of attachment 8610010:
-----------------------------------------------------------------

Thanks - r=me.
Attachment #8610010 - Flags: review?(dkeeler) → review+
Assignee: nobody → mozbugzilla
Flags: needinfo?(dkeeler)
(Assignee)

Comment 2

4 years ago
Ok, so before I can set the checkin-needed keyword, I guess a tryserver build is needed. Could you submit one for me?
Flags: needinfo?(dkeeler)
I went ahead and pushed this. I would be quite surprised if it broke anything.
Flags: needinfo?(dkeeler)
https://hg.mozilla.org/mozilla-central/rev/4ef26dba9e6f
Status: NEW → RESOLVED
Last Resolved: 4 years ago
status-firefox41: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Duplicate of this bug: 1126027