ckfw destroys an object before its handle

RESOLVED FIXED in 3.4

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Julien Pierre, Assigned: Wan-Teh Chang)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
The CKFW framework to build PKCS#11 modules destroys an object before its
handle. This could cause corruption if the object is accessed by handle in the
short interval before the handle is invalidated.

The patch is below:

Index: wrap.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/wrap.c,v
retrieving revision 1.5
diff -u -r1.5 wrap.c
--- wrap.c      8 Feb 2002 00:10:00 -0000       1.5
+++ wrap.c      21 Mar 2002 03:37:14 -0000
@@ -2056,8 +2056,8 @@
     goto loser;
   }
 
-  nssCKFWObject_Destroy(fwObject);
   nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
+  nssCKFWObject_Destroy(fwObject);
 
   return CKR_OK;
 
(strange)/u/jpierre/nss/34/mozilla/security/nss/lib/ckfw{67}
(Reporter)

Updated

16 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
(Assignee)

Comment 1

16 years ago
I checked in the patch.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
(Assignee)

Updated

16 years ago
Blocks: 133613
You need to log in before you can comment on or make changes to this bug.