Closed Bug 156801 Opened 22 years ago Closed 22 years ago

pk11_CollectCrls crashes if CERT_DecodeDERCrl returns a NULL pointer.

Categories

(NSS :: Libraries, defect)

RESOLVED FIXED

People

(Reporter: wtc, Assigned: rrelyea)

This bug is reported by Robert List in the mozilla.crypto
newsgroup.

pk11_CollectCrls crashes if CERT_DecodeDERCrl returns
a NULL pointer.  Here is the relevant code snippet:

static SECStatus
pk11_CollectCrls(PK11SlotInfo *slot, CK_OBJECT_HANDLE crlID, void *arg)
{
...
    new_node->crl=CERT_DecodeDERCrl(head->arena,&derCrl,new_node->type);
    if (new_node->crl == NULL) {
        goto loser;
    }

    if (fetchCrl[2].pValue) {
        int nnlen = fetchCrl[2].ulValueLen;
        new_node->crl->url  = (char *)PORT_ArenaAlloc(head->arena, nnlen+1);

If CERT_DecodeDERCrl returns a NULL pointer, we get an access
violation on dereferencing new_node->crl->url.
This is fixed on the tip, in rev. 1.87 of pk11cert.c.

There is an error in the code snippet I provided.
Actually, the code after the CERT_DecodeDERCrl call:

    if (new_node->crl == NULL) {
        goto loser;
    }

is the fix and was not there originally :-)  Sorry
about the confusion.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.6
Attached patch: The fix
a=asa (on behalf of drivers) for checkin to 1.1
I checked in the fix into NSS_3_5_BRANCH and NSS_CLIENT_TAG.
Target Milestone: 3.6 → 3.5.1
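
The pattern this bug fixes, as an added example that is not part of the original report and is not NSS code: a decoder that can return NULL on malformed DER, and a collector that checks the result before writing through it. The types, `decode_crl`, `collect_crl`, the sample bytes and the URL are hypothetical stand-ins constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the NSS CRL node types; not NSS code. */
typedef struct { char *url; } Crl;
typedef struct Node { Crl *crl; struct Node *next; } Node;
typedef struct { Node *first; } CrlList;

/* Constructed samples: a well-formed short SEQUENCE and a truncated one. */
static const unsigned char GOOD_DER[] = {0x30, 0x03, 0x02, 0x01, 0x01};
static const unsigned char BAD_DER[] = {0x30, 0x7f, 0x02};

/* Stand-in decoder: NULL unless tag and short-form length fit the buffer. */
static Crl *decode_crl(const unsigned char *der, size_t len)
{
    if (len < 2 || der[0] != 0x30 || der[1] >= 0x80 || (size_t)der[1] != len - 2)
        return NULL;
    return calloc(1, sizeof(Crl));
}

/* Same shape as the fixed callback: 0 on success, -1 via the loser label. */
static int collect_crl(CrlList *head, const unsigned char *der, size_t len,
                       const char *url, size_t url_len)
{
    Node *node = calloc(1, sizeof *node);
    if (node == NULL) return -1;
    node->crl = decode_crl(der, len);
    if (node->crl == NULL)      /* without this check, ->url below faults */
        goto loser;
    if (url != NULL) {          /* URL attribute is length-counted, not NUL-terminated */
        node->crl->url = malloc(url_len + 1);
        if (node->crl->url == NULL) goto loser;
        memcpy(node->crl->url, url, url_len);
        node->crl->url[url_len] = '\0';
    }
    node->next = head->first;
    head->first = node;
    return 0;
loser:
    free(node->crl);
    free(node);
    return -1;
}

int main(void)
{
    CrlList head = {0};
    int bad = collect_crl(&head, BAD_DER, sizeof BAD_DER, "http://crl.example/a", 20);
    int ok = collect_crl(&head, GOOD_DER, sizeof GOOD_DER, "http://crl.example/a", 20);
    return (bad == -1 && ok == 0) ? 0 : 1;  /* exit 0: bad rejected, good kept */
}
```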