double free in PK11_ListPrivKeysInSlot if keys allocation fails

RESOLVED FIXED in 3.11.1

Status

NSS
Libraries
P2
critical
RESOLVED FIXED
12 years ago
11 years ago

People

(Reporter: timeless, Assigned: Alexei Volkov)

Tracking

({coverity, fixed1.8.0.10, fixed1.8.1.1})

3.11
3.11.1
All
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CID 311 310], URL)

Attachments

(1 attachment)

fix
886 bytes, patch
Nelson Bolyard (seldom reads bugmail)
: review+
(Reporter)

Description

12 years ago
found by coverity

Updated

12 years ago
Assignee: kengert → nobody
Severity: blocker → critical
Priority: -- → P2
Target Milestone: --- → 3.11.1
Version: 4.0 → 3.11
Hardware: PC → All
(Assignee)

Comment 1

12 years ago
Created attachment 219166
fix

The code would crash even before the second PORT_Free(key_ids) when objCount is greater than 0 and keys is not allocated.
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #219166 - Flags: review?(nelson)
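
The failure path described in Comment 1, modelled as an added example (not NSS code and not the attached patch, which is not shown on this page). `list_keys`, `new_key_list`, `release_ids` and the `fixed` switch are hypothetical stand-ins, and the early return is an assumed shape for the fix; a fault-injected allocation failure shows the handle array being released twice on the flawed path and once on the corrected one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not NSS code: a handle array (key_ids) and a list (keys). */
typedef struct { int count; } key_list;
static int fail_list_alloc;   /* fault injection: make the list allocation fail */
static int release_calls;     /* how many times the handle array was released */

static key_list *new_key_list(void) {
    return fail_list_alloc ? NULL : calloc(1, sizeof(key_list));
}

/* Counts every release but frees only once, so the flawed path can be
 * observed without executing a real double free (undefined behavior). */
static void release_ids(unsigned long *ids) {
    if (release_calls++ == 0) free(ids);
}

/* fixed == 0: the error branch releases key_ids but falls through.
 * fixed == 1: the error branch releases key_ids and returns (assumed fix). */
static key_list *list_keys(int obj_count, int fixed) {
    unsigned long *key_ids = calloc((size_t)obj_count + 1, sizeof *key_ids);
    if (key_ids == NULL) return NULL;
    key_list *keys = new_key_list();
    if (keys == NULL) {
        release_ids(key_ids);
        if (fixed) return NULL;
    }
    for (int i = 0; i < obj_count; i++) {
        if (keys == NULL) break;  /* model-only guard; per Comment 1 the code crashes here */
        keys->count++;            /* stands in for wrapping key_ids[i] into the list */
    }
    release_ids(key_ids);         /* second release when the flawed branch fell through */
    return keys;
}

/* Runs one scenario and reports how many times key_ids was released. */
int releases_for(int obj_count, int fixed, int inject_failure) {
    fail_list_alloc = inject_failure;
    release_calls = 0;
    free(list_keys(obj_count, fixed));
    return release_calls;
}

int main(void) {
    printf("flawed: %d releases, fixed: %d\n", releases_for(3, 0, 1), releases_for(3, 1, 1));
    return 0;
}
```

Injecting the allocation failure in a unit test like this exercises an error branch that normal runs never reach, which is the kind of path static analysis flagged here.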
Comment on attachment 219166
fix

r=nelson

As with all these Coverity bugs, please fix on both trunk and 3.11 branch, and add the checkin messages (showing old and new revision numbers) to this bug.
Attachment #219166 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

12 years ago
tip:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.12; previous revision: 1.11

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.9.2.2; previous revision: 1.9.2.1
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
*** Bug 337097 has been marked as a duplicate of this bug. ***
CID 311
Whiteboard: CID 311
(Assignee)

Updated

11 years ago
Whiteboard: CID 311 → [CID 311 310]

Comment 6

11 years ago
Should this fix get picked up for the 2.0.0.4 Firefox release?
Flags: blocking1.8.1.4?
Keywords: fixed1.8.0.10, fixed1.8.1.1
Group: security