Closed Bug 1531074 Opened 11 months ago Closed 10 months ago

Possible nullptr dereference in SECKEY_SetPublicValue()

Categories

(NSS :: Libraries, defect, P2)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ehsan, Assigned: rrelyea)

References

(Blocks 1 open bug)

Details

(Keywords: good-first-bug)

Attachments

(1 file)

privKey is dereferenced here: https://searchfox.org/mozilla-central/rev/2a6f3dde00801374d3b2a704232de54a132af389/security/nss/lib/pk11wrap/pk11akey.c#1686 but is null-checked on line 1689. If it is passed as null (which seems possible at the call site https://searchfox.org/mozilla-central/rev/2a6f3dde00801374d3b2a704232de54a132af389/security/nss/lib/pk11wrap/pk11akey.c#1928 given the null checks around it, this code is prone to a dereference of nullptr.

Keywords: good-first-bug
Priority: -- → P2
Assignee: nobody → rrelyea
Blocks: 1496124

This should help with our coverity analysis.

Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.43
You need to log in before you can comment on or make changes to this bug.