As noted in bug 245941, the CMMF message decoder decodes certs into CERTCertificate structs that are otherwise unknown to NSS. When one calls CERT_DestroyCertificate to destroy one of them, it crashes, attempting to free a null arena pool. The fix is for CERT_DestroyCertificate to check the arenapool pointer before trying to free it. Maybe the function should also return an error code, although it presently returns void. Patch forthcoming.
Created attachment 150316: patch v1 - don't crash on NULL arena pointer
Since this function is a void function, no point in setting an error code.
Comment on attachment 150316: patch v1 - don't crash on NULL arena pointer
Julien, please review.
Attachment #150316 - Flags: review?(julien.pierre.bugs)
Attachment #150316 - Flags: review?(julien.pierre.bugs) → review+
Thanks for the quick review. Patch checked in.
/cvsroot/mozilla/security/nss/lib/certdb/stanpcertdb.c,v <-- stanpcertdb.c
new revision: 1.65; previous revision: 1.64
marking fixed.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.10
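The failure mode and guard discussed in this bug, as an added example that is not the NSS patch or NSS code: a toy arena and certificate struct in which one constructor models a decoder that leaves the arena pointer NULL. All type and function names are hypothetical, and `cert_destroy` returns a status only so the behaviour can be checked (the function in the bug returns void); leaving an arena-less struct to its owner is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not NSS types or calls. */
typedef struct Block { struct Block *next; } Block;
typedef struct Arena { Block *blocks; } Arena;
typedef struct Cert {
    Arena *arena;   /* NULL when a decoder built the struct outside any arena */
    int refcount;
} Cert;

int arenas_freed = 0;   /* lets a caller observe whether an arena was released */

void *arena_alloc(Arena *a, size_t n) {
    Block *b = calloc(1, sizeof(Block) + n);
    if (b == NULL) return NULL;
    b->next = a->blocks;
    a->blocks = b;
    return b + 1;   /* payload follows the block header */
}

void arena_free(Arena *a) {   /* dereferences a: crashes if handed NULL */
    for (Block *b = a->blocks, *n; b != NULL; b = n) { n = b->next; free(b); }
    free(a);
    arenas_freed++;
}

Cert *cert_new_in_arena(void) {   /* normal path: the cert lives in its own arena */
    Arena *a = calloc(1, sizeof(Arena));
    Cert *c = a ? arena_alloc(a, sizeof(Cert)) : NULL;
    if (c == NULL) { free(a); return NULL; }
    c->arena = a;
    c->refcount = 1;
    return c;
}

Cert *cert_new_foreign(void) {   /* models a decoder that sets no arena */
    Cert *c = calloc(1, sizeof(Cert));
    if (c != NULL) c->refcount = 1;
    return c;
}

/* 1: arena released; 0: no arena, storage left to its owner; -1: NULL or still referenced */
int cert_destroy(Cert *c) {
    if (c == NULL || --c->refcount > 0) return -1;
    if (c->arena == NULL) return 0;   /* the guard: never pass NULL to arena_free */
    arena_free(c->arena);
    return 1;
}
```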