Closed
Bug 1168048
Opened 9 years ago
Closed 9 years ago
Avoid potential null-pointer dereferencing in nsNSSCertificateDB
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla41
| Tracking | Status | |
|---|---|---|
| firefox41 | --- | fixed |
People
(Reporter: mozbgz, Assigned: mozbgz)
References
Details
(Keywords: crash, regression)
Attachments
(1 file)
|
1.36 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
When nsIX509Cert2 and nsIX509Cert3 were mreged into nsIX509Cert with bug 643041, two null-pointer checks got "lost", resulting in potential crashes (which is the reason for setting the severity to critical). Triggering the issue from privileged chrome is straightforward (as both methods are scriptable), simply paste Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB).deleteCertificate(null); or Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB).setCertTrust(null,0,0); into the Web Console.
Attachment #8610010 -
Flags: review?(dkeeler)
Flags: needinfo?(dkeeler)
Comment on attachment 8610010 [details] [diff] [review] Proposed patch Review of attachment 8610010 [details] [diff] [review]: ----------------------------------------------------------------- Thanks - r=me.
Attachment #8610010 -
Flags: review?(dkeeler) → review+
Assignee: nobody → mozbugzilla
Flags: needinfo?(dkeeler)
Ok, so before I can set the checkin-needed keyword, I guess a tryserver build is needed. Could you submit one for me?
Flags: needinfo?(dkeeler)
I went ahead and pushed this. I would be quite surprised if it broke anything.
Flags: needinfo?(dkeeler)
|
||
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4ef26dba9e6f
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
You need to log in
before you can comment on or make changes to this bug.
Description
•