Closed
Bug 245943
Opened 20 years ago
Closed 20 years ago
CERT_DestroyCertificate crashes on CMMF decoded cert
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(1 file)
|
542 bytes,
patch
|
julien.pierre
:
review+
|
Details | Diff | Splinter Review |
As noted in bug 245941, the CMMF message decoder decodes certs into
CERTCertificate structs that are otherwise unknown to NSS.
When one calls CERT_DestroyCertificate to destroy one of them,
it crashes, attempting to free a null arena pool.
The fix is for CERT_DestroyCertificate to check the arenapool pointer
before trying to free it. Maybe the function should also return an error
code, although it presently returns void.
Patch forthcoming.
|
Assignee | |
Comment 1•20 years ago
|
||
Since this function is a void function, no point in setting an error code.
|
|
Assignee | |
Comment 2•20 years ago
|
||
Comment on attachment 150316 [details] [diff] [review]
patch v1 - don't crash on NULL arena pointer
Julien, please review.
Attachment #150316 -
Flags: review?(julien.pierre.bugs)
|
||
Updated•20 years ago
|
Attachment #150316 -
Flags: review?(julien.pierre.bugs) → review+
|
|
Assignee | |
Comment 3•20 years ago
|
||
Thanks for the quick review.
Patch checked in.
/cvsroot/mozilla/security/nss/lib/certdb/stanpcertdb.c,v <-- stanpcertdb.c
new revision: 1.65; previous revision: 1.64
marking fixed.
Status: NEW → RESOLVED
Closed: 20 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.10
You need to log in
before you can comment on or make changes to this bug.
Description
•