PK11_NewSlotInfo returns freed objects if lock allocations fail

RESOLVED FIXED in 3.11.1

Status

NSS
Libraries
P2
critical
RESOLVED FIXED
11 years ago
10 years ago

People

(Reporter: timeless, Assigned: Alexei Volkov)

Tracking

({coverity, fixed1.8.0.10, fixed1.8.1.1})

3.11
3.11.1
coverity, fixed1.8.0.10, fixed1.8.1.1

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: CID 289, URL)

Attachments

(1 attachment)

fix
1.12 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Reporter)

Description

11 years ago
found by coverity

Updated

11 years ago
Assignee: kengert → nobody
Severity: blocker → critical
Priority: -- → P2
Target Milestone: --- → 3.11.1
Version: 4.0 → 3.11
Several places we see code that does this in error paths:

 364   	PORT_Free(slot);
 365   	return slot;

Clearly that should be return NULL in each place.
Assignee: nobody → alexei.volkov.bugs
OS: Linux → All
Hardware: PC → All
(Assignee)

Comment 2

11 years ago
Created attachment 219160 [details] [diff] [review]
fix
Attachment #219160 - Flags: review?(nelson)
Comment on attachment 219160 [details] [diff] [review]
fix

r=nelson
Attachment #219160 - Flags: review?(nelson) → review+
(Assignee)

Comment 4

11 years ago
tip:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.88; previous revision: 1.87

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.87.2.1; previous revision: 1.87
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
CID 289
Whiteboard: CID 289

Comment 6

10 years ago
should this fix get picked up on the branch for the next firefox release?
Flags: blocking1.8.1.4?
Chris, What version of NSS is now being used in FF ?
FF2.0.0.1 uses NSS 3.11.4,
FF2.0.0.2 and FF1.5.0.10 use NSS 3.11.5
Keywords: fixed1.8.0.10, fixed1.8.1.1
Flags: blocking1.8.1.4?
Group: security
You need to log in before you can comment on or make changes to this bug.