Closed
Bug 156801
Opened 22 years ago
Closed 22 years ago
pk11_CollectCrls crashes if CERT_DecodeDERCrl returns a NULL pointer.
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.5.1
People
(Reporter: wtc, Assigned: rrelyea)
Details
Attachments
(1 file)
762 bytes,
patch
This bug is reported by Robert List in the mozilla.crypto newsgroup.

pk11_CollectCrls crashes if CERT_DecodeDERCrl returns a NULL pointer. Here is the relevant code snippet:

static SECStatus
pk11_CollectCrls(PK11SlotInfo *slot, CK_OBJECT_HANDLE crlID, void *arg)
{
    ...
    new_node->crl=CERT_DecodeDERCrl(head->arena,&derCrl,new_node->type);
    if (new_node->crl == NULL) {
        goto loser;
    }

    if (fetchCrl[2].pValue) {
        int nnlen = fetchCrl[2].ulValueLen;
        new_node->crl->url = (char *)PORT_ArenaAlloc(head->arena, nnlen+1);

If CERT_DecodeDERCrl returns a NULL pointer, we get an access violation on dereferencing new_node->crl->url.
Reporter
Comment 1•22 years ago
This is fixed on the tip, in rev. 1.87 of pk11cert.c.

There is an error in the code snippet I provided. Actually, the code after the CERT_DecodeDERCrl call:

    if (new_node->crl == NULL) {
        goto loser;
    }

is the fix and was not there originally :-) Sorry about the confusion.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.6
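The control flow discussed in the description and comment 1, as an added stand-alone example (not NSS code and not the attached patch): a decoder that can return NULL, the check before the first dereference, and the cleanup path. The types Crl and CrlNode, the functions decode_crl and collect_crl, and the sample inputs are hypothetical stand-ins, and malloc replaces the arena allocator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the NSS CRL and list-node types. */
typedef struct { char *url; } Crl;
typedef struct { Crl *crl; } CrlNode;

/* Stand-in decoder (assumption): returns NULL on input it cannot parse,
 * here anything that does not start with the DER SEQUENCE tag 0x30. */
static Crl *decode_crl(const unsigned char *der, size_t len)
{
    if (der == NULL || len < 2 || der[0] != 0x30)
        return NULL;
    return calloc(1, sizeof(Crl));
}

/* Returns 0 on success, -1 on failure; node->crl is NULL after a failure. */
int collect_crl(CrlNode *node, const unsigned char *der, size_t der_len,
                const char *url)
{
    node->crl = decode_crl(der, der_len);
    if (node->crl == NULL)
        goto loser;                /* without this, crl->url below faults */
    if (url != NULL) {
        size_t nnlen = strlen(url);
        node->crl->url = malloc(nnlen + 1);  /* malloc stands in for the arena */
        if (node->crl->url == NULL)
            goto loser;
        memcpy(node->crl->url, url, nnlen + 1);
    }
    return 0;
loser:
    if (node->crl != NULL) {
        free(node->crl);
        node->crl = NULL;
    }
    return -1;
}

int main(void)
{
    const unsigned char bad[] = { 0xff, 0x00 };   /* constructed: undecodable */
    const unsigned char good[] = { 0x30, 0x00 };  /* constructed: empty SEQUENCE */
    CrlNode n = { NULL };
    printf("bad:  %d\n", collect_crl(&n, bad, sizeof bad, "http://crl.example/ca.crl"));
    printf("good: %d\n", collect_crl(&n, good, sizeof good, "http://crl.example/ca.crl"));
    return 0;
}
```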
Reporter
Comment 2•22 years ago
Comment 3•22 years ago
a=asa (on behalf of drivers) for checkin to 1.1
Reporter
Comment 4•22 years ago
I checked in the fix into NSS_3_5_BRANCH and NSS_CLIENT_TAG.
Target Milestone: 3.6 → 3.5.1