CERT_DestroyCertificate crashes on CMMF decoded cert

RESOLVED FIXED in 3.10

Status

P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: nelson, Assigned: nelson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

As noted in bug 245941, the CMMF message decoder decodes certs into 
CERTCertificate structs that are otherwise unknown to NSS.  
When one calls CERT_DestroyCertificate to destroy one of them, 
it crashes, attempting to free a null arena pool.

The fix is for CERT_DestroyCertificate to check the arenapool pointer 
before trying to free it.  Maybe the function should also return an error
code, although it presently returns void.

Patch forthcoming.
(Assignee)

Comment 1

15 years ago
Created attachment 150316 [details] [diff] [review]
patch v1 - don't crash on NULL arena pointer

Since this function is a void function, no point in setting an error code.
(Assignee)

Comment 2

15 years ago
Comment on attachment 150316 [details] [diff] [review]
patch v1 - don't crash on NULL arena pointer

Julien, please review.
Attachment #150316 - Flags: review?(julien.pierre.bugs)

Updated

15 years ago
Attachment #150316 - Flags: review?(julien.pierre.bugs) → review+
(Assignee)

Comment 3

15 years ago
Thanks for the quick review. 
Patch checked in.  

/cvsroot/mozilla/security/nss/lib/certdb/stanpcertdb.c,v  <--  stanpcertdb.c
new revision: 1.65; previous revision: 1.64

marking fixed.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.