Bug 225626 (Closed)
Opened 21 years ago, closed 20 years ago
incorrect arena type in JSSL_JavaCertAuthCallback
Categories: JSS Graveyard :: Library, defect
Tracking: Not tracked
Status: RESOLVED FIXED
Target Milestone: 3.5
People: Reporter: jamie-bugzilla, Assigned: glenbeasley
Attachments: 1 file, 2 obsolete files
patch, 1.21 KB
There is a hack in NSS whereby PLArenaPool* variables actually point at the data type PORTArenaPool, which is a wrapper around a PLArenaPool. Since a PLArenaPool is the first element in the PORTArenaPool struct, a PORTArenaPool* can be cast to a PLArenaPool*. A PORTArenaPool is allocated, it is returned as a PLArenaPool*, and then if the PORTArenaPool functionality is required, it is cast back to a PORTArenaPool. In JSSL_JavaCertAuthCallback we allocate an arena that is passed to CERT_VerifyCert. The type we allocate is a PLArenaPool, which is in fact the type indicated by the header files. However, NSS really expects it to be a PORTArenaPool, and casts it to a PORTArenaPool* and tries to access memory in the PORTArenaPool. At this point it is accessing memory that it shouldn't. The solution is to allocate a PORTArenaPool instead of a PLArenaPool.
Comment 1 (Reporter) • 21 years ago
This patch allocates a PORTArenaPool instead of a PLArenaPool.
Comment 2 (Reporter) • 21 years ago
Attachment #135444 - Attachment is obsolete: true
Comment 3 • 21 years ago
Changes from the previous patch:
1. Handle the failure of PORT_NewArena.
2. Fixed a memory leak on an error path. Need to 'goto finish' to execute the cleanup code before returning.
Jamie, please review.
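The wrapper trick from the bug description (a PLArenaPool is the first member of a PORTArenaPool, so NSS hands out a PLArenaPool* and casts it back) and the caller pattern from comment 3 (check the constructor result, clean up through a single `finish` label), as an added stand-alone example that is not JSS or NSS code. BasePool, WrappedPool, wrapped_new, wrapped_lock, wrapped_free and use_pool are stand-ins chosen for this example; they model the layout, not the real NSS structures.

```c
/* Added example, not JSS/NSS code.  BasePool stands in for PLArenaPool,
 * WrappedPool for PORTArenaPool, wrapped_new()/wrapped_free() for
 * PORT_NewArena()/PORT_FreeArena(). */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define WRAP_MAGIC 0xBADCAFEBu

typedef struct { size_t chunk; size_t used; } BasePool;                    /* "PLArenaPool" */
typedef struct { BasePool base; uint32_t magic; int locked; } WrappedPool; /* "PORTArenaPool" */

/* Constructor: allocates the whole wrapper but returns its first member. */
BasePool *wrapped_new(size_t chunk) {
    WrappedPool *w = calloc(1, sizeof *w);
    if (!w) return NULL;
    w->base.chunk = chunk;
    w->magic = WRAP_MAGIC;
    return &w->base;            /* legal only because offsetof(WrappedPool, base) == 0 */
}

/* Consumer that casts back, as NSS does.  Sound only if p came from wrapped_new();
 * a bare BasePool (the shape of the original JSS bug) makes the magic read go
 * past the end of the allocation. */
int wrapped_lock(BasePool *p) {
    WrappedPool *w = (WrappedPool *)p;
    if (w->magic != WRAP_MAGIC) return 0;
    w->locked = 1;
    return 1;
}

void wrapped_free(BasePool *p) { free((WrappedPool *)p); }

/* Caller pattern from the fixed patch: allocate through the constructor, handle
 * its failure, and release the arena on every path via one exit label. */
int use_pool(int fail_step) {
    int rv = -1;
    BasePool *arena = wrapped_new(2048);
    if (!arena) goto finish;          /* constructor failure */
    if (fail_step == 1) goto finish;  /* simulated error path: arena still freed */
    if (!wrapped_lock(arena)) goto finish;
    rv = 0;
finish:
    if (arena) wrapped_free(arena);
    return rv;
}

/* Layout facts the wrapper trick depends on. */
int layout_ok(void) {
    return offsetof(WrappedPool, base) == 0 && sizeof(WrappedPool) > sizeof(BasePool);
}
```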
Updated • 21 years ago
Attachment #135447 - Attachment is obsolete: true
Comment 4 (Assignee) • 20 years ago
Wan-Teh, I would like to check this in. I checked this fix in to the SUN_SECURITY_3_3_BRANCH early this year.
Assignee: jamie-bugzilla → glen.beasley
Comment 5 (Assignee) • 20 years ago
Confirmed Wan-Teh checked in the fix. Target milestone set to 4.0 and closing bug.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Version: 3.4 → 4.0
Comment 6 • 20 years ago
This is fixed in JSS 3.5. (There is a JSS 3.5 release.)
Target Milestone: --- → 3.5
Version: 4.0 → unspecified