Closed Bug 309651 Opened 19 years ago Closed 19 years ago

pp crashes printing cert containing ASN.1 NULL construct

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Version:
3.10
Platform:
Sun
Solaris
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

Details

Attachments

(2 files)

cert that reproduces this problem (among others)
1.37 KB, application/octet-stream
Details
don't ask printf to print a string with a NULL address
673 bytes, patch
wtc
: review+
Details | Diff | Splinter Review 
The pp command crashes when trying to print a cert with an extension that is 
unknown (to pp).  certutil would also crash if it tried to print this cert.
I'll attach the cert that reproduces this, and a patch I wrote for this 
some time ago.
This cert is also interesting because the subject name contains chinese
characters in UTF8.
On some platforms, the statement
   printf("%s\n", NULL);
will print out 
(null)
But apparently on Solaris for x86_64 it crashes instead.
This patch fixes that by not passing NULL.
Attachment #197066 - Flags: review?(wtchang)
(In reply to comment #1)

> This cert is also interesting because the subject name contains chinese
> characters in UTF8.

Oops, that's another cert.  This root cert does not contain chinese characters,
but the intermediate CA certs it has issued do contain them.  

Comment on attachment 197066 [details] [diff] [review]
don't ask printf to print a string with a NULL address

Why is m NULL?	Is m always NULL in the SEC_ASN1_NULL case?
Seems that the bug is passing a NULL m to this function.  This
function passes m to many SECU_PrintXXX functions in the
other cases.  If you fix this case to handle a NULL m, don't
you also need to fix all those SECU_PrintXXX functions to handle
a NULL m?
Comment on attachment 197066 [details] [diff] [review]
don't ask printf to print a string with a NULL address

r=wtc.	I found that several SECU_PrintXXX functions
already handled a NULL m like this.  They only test
for a NULL m, not a zero m[0] (an empty string) though.
Attachment #197066 - Flags: review?(wtchang) → review+
The SECU_PrintXXX functions all have a similar signature.  In all cases,
m is allowed to be NULL (or, that is the intent).  There are several
ways this function can be called, some with non-NULL prefix strings (m)
and ohters with NULL prefix strings.  In the relevant case, we are printing
a decoding of an unknown ASN.1 sequence/set.  Since it is unknown, we have
no meaningful prefixes to print before the members, so we intentionally 
pass NULL.  

Thanks for the review.  Checked in.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: