Closed Bug 334238 Opened 18 years ago Closed 18 years ago

double free in SECKEY_ConvertToPublicKey if CERT_ExtractPublicKey fails

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 334183

People

(Reporter: timeless, Assigned: KaiE)

References

(
URL
)

Details

(Keywords: coverity, Whiteboard: [sg:dupe 334183]) 

found by coverity
first stack:
CERT_DestroyCertificate
CERT_FindCertIssuer
seckey_UpdateCertPQGChain
SECKEY_UpdateCertPQG
CERT_ExtractPublicKey
SECKEY_ConvertToPublicKey

second stack:

CERT_DestroyCertificate
SECKEY_ConvertToPublicKey


what really scares me is:
370  		    CERT_DestroyCertificate(cert); /* the first cert in the chain */
371  		    return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */

i'm not sure that this free is detectable by callers!
URL: http://bonsai.mozilla.org/cvsblame.cg...http://bonsai.mozilla.org/cvsblame.cg...

*** This bug has been marked as a duplicate of 334183 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg:dupe 334183]
You need to log in before you can comment on or make changes to this bug.