PK11_FindCertsFromNickname may cause an assertion failure in nssList_GetArray.

RESOLVED FIXED in 3.4.2

Status

NSS
Libraries
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: Wan-Teh Chang, Assigned: Ian McGreer)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [adt2 RTM])

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
nssList_GetArray asserts that the maxElements argument is > 0.
nssList_GetArray will malfunction if maxElements is 0.

It is possible for PK11_FindCertsFromNickname to call nssList_GetArray
with maxElements equal to 0, which causes the assertion to fail:
        if (nameList) {
            count = nssList_Count(nameList);
            foundCerts = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
            nssList_GetArray(nameList, (void **)foundCerts, count);
            nssList_Destroy(nameList);
        }
(Assignee)

Comment 1

15 years ago
Created attachment 81485
patch against 3.4 branch

Updated

15 years ago
QA Contact: sonja.mirtitsch → bishakhabanerjee
(Assignee)

Comment 2

15 years ago
patch checked in to branch, closing bug.

This fix is not needed for the tip.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
(Reporter)

Comment 3

15 years ago
Comment on attachment 81485
patch against 3.4 branch

I think strictly speaking we also need to handle the
failure of nss_ZNEWARRAY (out-of-memory error), that
is, something like:

	foundCerts = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
	if (foundCerts) {
	    nssList_GetArray(nameList, (void **)foundCerts, count);
	}

but this patch is a strict improvement over the old code.

r=wtc.
Attachment #81485 - Flags: review+
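
The two conditions discussed in this bug (a zero element count reaching an asserting copy routine, and an unchecked array allocation) can be seen together in the following added example, which is not NSS code and not the attached patch. The `demo_list` type and the `demo_list_get_array` and `demo_find_certs` functions are hypothetical stand-ins for the NSS list, `nssList_GetArray` and the caller's lookup block.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for an NSS list: an array of element pointers. */
typedef struct { void **items; size_t count; } demo_list;

/* Carries the precondition from the report: maxElements must be > 0. */
static void demo_list_get_array(const demo_list *l, void **out, size_t maxElements)
{
    assert(maxElements > 0);
    for (size_t i = 0; i < l->count && i < maxElements; i++)
        out[i] = l->items[i];
}

/* Guarded caller: returns a NULL-terminated array, or NULL when the list is
 * missing or empty, or when allocation fails. The copy routine is never
 * reached with a count of 0 or with a NULL destination. */
void **demo_find_certs(const demo_list *nameList, size_t *found)
{
    void **foundCerts = NULL;
    *found = 0;
    if (nameList && nameList->count > 0) {
        size_t count = nameList->count;
        /* Stand-in for nss_ZNEWARRAY; zero-filled so the last slot is NULL. */
        foundCerts = calloc(count + 1, sizeof *foundCerts);
        if (foundCerts) {
            demo_list_get_array(nameList, foundCerts, count);
            *found = count;
        }
    }
    return foundCerts;
}

int main(void)
{
    int a = 1, b = 2;                 /* constructed sample elements */
    void *two[] = { &a, &b };
    demo_list empty = { NULL, 0 }, full = { two, 2 };
    size_t n;

    void **r = demo_find_certs(&empty, &n);  /* empty list: no assertion */
    if (r != NULL || n != 0) return 1;

    r = demo_find_certs(&full, &n);
    if (!r || n != 2 || r[0] != &a || r[1] != &b || r[2] != NULL) return 1;
    free(r);
    return 0;
}
```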
(Reporter)

Comment 4

15 years ago
Set target milestone to NSS 3.4.2.
Target Milestone: --- → 3.4.2
(Reporter)

Updated

15 years ago
Blocks: 145836

Comment 5

15 years ago
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in
asap. thanks! 
Keywords: adt1.0.1+, mozilla1.0.1, nsbeta1+
Whiteboard: [adt2 RTM]
(Reporter)

Updated

15 years ago
Keywords: adt1.0.1+, mozilla1.0.1 → fixed1.0.1