In mozilla/security/nss/lib/freebl/ecl/ecl_mult.c, function ECPoints_mul, if k1p and k2p point to the local mp_int variables k1t and k2t, we never call mp_clear to free the memory associated with k1t and k2t. Also, when we go to the CLEANUP label on an error, the local variables k1p and k2p may not have been initialized, so they may be used uninitialized. I will submit a patch that fixes both problems.
Created attachment 191383: Proposed patch
Attachment #191383 - Flags: review?(vipul.gupta) → review?(mozilla.org)
Thanks for the code review, Douglas. I checked in the patch on the NSS trunk for NSS 3.11.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.11
Attachment #191383 - Flags: superreview?(nelson) → superreview+
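The bug description above names two defects in a goto-cleanup function: local temporaries that are never cleared, and pointers that may be read at the cleanup label before being assigned. The following is an added example, not the NSS code or the attached patch, showing a form of the pattern that avoids both. The `bigint` type, `mul_sketch`, its `reduce` and `fail_early` parameters, and the `live_allocs` counter are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

#define NDIGITS 32

/* Hypothetical heap-backed big integer; a stand-in, not NSS's mp_int. */
typedef struct { unsigned char *digits; } bigint;

static int live_allocs = 0; /* outstanding buffers, so a leak is observable */
static int bigint_init(bigint *b) {
    b->digits = calloc(NDIGITS, 1);
    if (b->digits == NULL) return -1;
    live_allocs++;
    return 0;
}

/* No-op on a zeroed bigint, so cleanup can call it unconditionally. */
static void bigint_clear(bigint *b) {
    if (b->digits == NULL) return;
    free(b->digits);
    b->digits = NULL;
    live_allocs--;
}

/* Returns 0 on success, -1 on error. `reduce` selects the path that works on
 * local copies; `fail_early` simulates an error before any temporary is set up. */
int mul_sketch(const bigint *k1, const bigint *k2, int reduce, int fail_early,
               unsigned char *out) {
    int res = -1;
    bigint k1t = { NULL }, k2t = { NULL };  /* zeroed before the first goto */
    const bigint *k1p = k1, *k2p = k2;      /* defined on every path */
    if (fail_early || k1 == NULL || k2 == NULL || out == NULL) goto cleanup;
    if (reduce) {
        if (bigint_init(&k1t) != 0 || bigint_init(&k2t) != 0) goto cleanup;
        memcpy(k1t.digits, k1->digits, NDIGITS);
        memcpy(k2t.digits, k2->digits, NDIGITS);
        k1p = &k1t;
        k2p = &k2t;
    }
    *out = (unsigned char)(k1p->digits[0] + k2p->digits[0]); /* placeholder for the real math */
    res = 0;
cleanup:
    bigint_clear(&k1t);  /* frees the temporaries whether or not they were used */
    bigint_clear(&k2t);
    return res;
}

int main(void) {
    return mul_sketch(NULL, NULL, 1, 1, NULL) == -1 && live_allocs == 0 ? 0 : 1;
}
```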