Closed
Bug 1208440
Opened 9 years ago
Closed 9 years ago
[Coverity 1122446] NULL deref in CERT_CreateEncodedOCSPSuccessResponse
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(firefox44 affected)
RESOLVED
FIXED
3.21
Tracking | Status | |
---|---|---|
firefox44 | --- | affected |
People
(Reporter: ttaubert, Assigned: ttaubert)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
1015 bytes,
patch
|
ekr
:
review+
wtc
:
review+
KaiE
:
superreview+
mt
:
checked-in+
|
Details | Diff | Splinter Review |
> done:
> if (privKey)
> SECKEY_DestroyPrivateKey(privKey);
> if (br->responseSignature.signature.data)
> SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE);
> PORT_FreeArena(tmpArena, PR_FALSE);
>
> return result;
> }
10. var_deref_op: Dereferencing null pointer br.
Assignee | ||
Comment 1•9 years ago
|
||
Comment on attachment 8665946 [details] [diff] [review] 0001-Bug-1208440-Fix-NULL-deref-in-CERT_CreateEncodedOCSP.patch Review of attachment 8665946 [details] [diff] [review]: ----------------------------------------------------------------- LGTM. Technically I'm not an NSS peer, and in any case I think usually NSS patches need a reviewer from another organization, so maybe Kai or Wan-Teh should review this. For patches like these, maybe we should come up with some criteria by which we don't need to go through quite so much process. I'll bring it up in next week's meeting.
Attachment #8665946 -
Flags: review?(dkeeler)
Assignee | ||
Comment 3•9 years ago
|
||
Ah, okay. I was mistaken and thought you were an NSS peer, and that we already had a policy for minor changes like this not needing an out-of-your-org reviewer. Thanks for bringing this up in the next call!
Assignee | ||
Updated•9 years ago
|
Attachment #8665946 -
Flags: review?(kaie)
Comment 4•9 years ago
|
||
Comment on attachment 8665946 [details] [diff] [review] 0001-Bug-1208440-Fix-NULL-deref-in-CERT_CreateEncodedOCSP.patch Review of attachment 8665946 [details] [diff] [review]: ----------------------------------------------------------------- LGTM.
Attachment #8665946 -
Flags: review?(kaie) → review+
Comment 5•9 years ago
|
||
This is small enough that it doesn't need approval from another organization. It may need approval from a second NSS peer (MT is also a peer). needinfoing wtc for the general policy.
Flags: needinfo?(wtc)
Comment 6•9 years ago
|
||
Comment on attachment 8665946 [details] [diff] [review] 0001-Bug-1208440-Fix-NULL-deref-in-CERT_CreateEncodedOCSP.patch Review of attachment 8665946 [details] [diff] [review]: ----------------------------------------------------------------- r=wtc. I verified it is possible to go to |done| when |br| is still NULL (the initial value of |br|). In general the best reviewer for a bug fix is the author of the original code. Kai wrote ocspsig.c in https://hg.mozilla.org/projects/nss/rev/d010b9d186e0 so I requested a review from him. Since this is a simple fix and has been reviewed by Eric and me, please consider Kai's review as optional. We should also clarify the policy about requiring a reviewer from another organization. That is only applicable to features that are potentially controversial or not of general interest.
Attachment #8665946 -
Flags: superreview?(kaie)
Attachment #8665946 -
Flags: review+
Comment 7•9 years ago
|
||
Comment on attachment 8665946 [details] [diff] [review] 0001-Bug-1208440-Fix-NULL-deref-in-CERT_CreateEncodedOCSP.patch Thank you. r=kaie
Attachment #8665946 -
Flags: superreview?(kaie) → superreview+
Updated•9 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 8•9 years ago
|
||
Martin, could you check this in please? Thanks!
Flags: needinfo?(martin.thomson)
Comment 9•9 years ago
|
||
Comment on attachment 8665946 [details] [diff] [review] 0001-Bug-1208440-Fix-NULL-deref-in-CERT_CreateEncodedOCSP.patch Review of attachment 8665946 [details] [diff] [review]: ----------------------------------------------------------------- https://hg.mozilla.org/projects/nss/rev/92cb85d4f959 This might be the most over-reviewed patch I've seen.
Attachment #8665946 -
Flags: checked-in+
Comment 10•9 years ago
|
||
Clearing n-i on Wan-Teh since I see that he gave this an r+ already.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(wtc)
Flags: needinfo?(martin.thomson)
Resolution: --- → INCOMPLETE
Target Milestone: --- → 3.21
Updated•9 years ago
|
Resolution: INCOMPLETE → FIXED
Updated•8 years ago
|
Keywords: checkin-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•