Closed Bug 1281955 Opened 3 years ago Closed 3 years ago

Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator

Categories

(Core :: Security: PSM, defect, P1)

Tracking

RESOLVED FIXED
mozilla50
Tracking Status
firefox50 --- fixed

People

(Reporter: Cykesiopka, Assigned: Cykesiopka)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

There are a few places in PSM where the result of an NSS function returning char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator when the string eventually gets destroyed.

This is basically Bug 1281564, but the free() call is buried within the Mozilla string code instead.

Here's an example (https://hg.mozilla.org/mozilla-central/file/d9659c22b3c5/security/manager/ssl/nsNSSCertificateDB.cpp#l383):
> nsXPIDLCString nickname;
> nickname.Adopt(CERT_MakeCANickname(tmpCert.get()));
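
The copy-instead-of-adopt pattern the bug title describes, as an added example that is not code from this bug, from PSM or from NSS. `LibStrdup`, `LibFree`, `MakeNickname` and `GetNickname` are hypothetical stand-ins for a library with its own allocator and for its caller, and `std::string` stands in for the Mozilla string class.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>

// Hypothetical library allocator. The counter models the bookkeeping that a
// plain free() from the caller's side would bypass.
int gLibLive = 0;

char* LibStrdup(const char* s) {
  std::size_t n = std::strlen(s) + 1;
  char* p = static_cast<char*>(std::malloc(n));
  if (!p) return nullptr;
  std::memcpy(p, s, n);
  ++gLibLive;
  return p;
}

void LibFree(void* p) {
  if (!p) return;
  --gLibLive;
  std::free(p);
}

// Owner type that can only release the buffer through the library.
struct LibFreeDeleter {
  void operator()(char* p) const { LibFree(p); }
};
using UniqueLibString = std::unique_ptr<char, LibFreeDeleter>;

// Hypothetical producer: a library call that returns a char* it allocated.
char* MakeNickname(const char* subject) { return LibStrdup(subject); }

// Hold the result in the library-aware owner, copy the bytes into the
// application's string, and let the owner free the original buffer.
bool GetNickname(const char* subject, std::string& out) {
  UniqueLibString raw(MakeNickname(subject));
  if (!raw) return false;  // allocation failed: nothing to copy or free
  out.assign(raw.get());   // copy the contents, do not take ownership
  return true;             // ~UniqueLibString runs LibFree on return
}

int main() {
  std::string nick;
  return GetNickname("Example CA", nick) && gLibLive == 0 ? 0 : 1;
}
```

The application string never owns the library's pointer, so its destructor cannot pair the buffer with the wrong deallocator.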

Review commit: https://reviewboard.mozilla.org/r/61436/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/61436/
Attachment #8766639 - Flags: review?(dkeeler)
Comment on attachment 8766639 [details]
Bug 1281955 - Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator.

https://reviewboard.mozilla.org/r/61436/#review58480

Cool - r=me
Attachment #8766639 - Flags: review?(dkeeler) → review+
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/b8e3ba3674f7
Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator. r=dkeeler
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/b8e3ba3674f7
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50