Closed
Bug 235617
Opened 20 years ago
Closed 20 years ago
CERT_DecodeTrustString crashes if either input arg is NULL
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
Details
Attachments
(1 file)
877 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
This bug is shown by the same test program used in bug 39495. Patch forthcoming.
Assignee | ||
Comment 1•20 years ago
|
||
This patch detects NULL pointers and returns error SEC_ERROR_INVALID_ARGS, but it still initializes the trust flags to zero, if it can.
Assignee | ||
Updated•20 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → 3.10
Assignee | ||
Updated•20 years ago
|
Attachment #142268 -
Flags: review?(wchang0222)
Comment 2•20 years ago
|
||
Comment on attachment 142268 [details] [diff] [review] patch v1 r=wtc. Can we test for both a null 'trust' and a null 'trusts' at the beginning of the function, before we start to set trust->xxxFlags to 0? That is: + if (!trust || !trusts) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } trust->sslFlags = 0; trust->emailFlags = 0; trust->objectSigningFlags = 0;
Attachment #142268 -
Flags: review?(wchang0222) → review+
Comment 3•20 years ago
|
||
Comment on attachment 142268 [details] [diff] [review] patch v1 OK, I saw that you did that intentionally. My previous comment showed that the new code will be prone to mistakes by a future maintainer. I expect that a function has no side effect if it fails. If that's not the case, I guess we can document it...
Assignee | ||
Comment 4•20 years ago
|
||
I coded it this way so that the trust flags would get initialized, even if nothing else happened. /cvsroot/mozilla/security/nss/lib/certdb/certdb.c,v <-- certdb.c new revision: 1.64; previous revision: 1.63
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•