Closed Bug 334238 Opened 19 years ago Closed 19 years ago

double free in SECKEY_ConvertToPublicKey if CERT_ExtractPublicKey fails

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 334183

People

(Reporter: timeless, Assigned: KaiE)

References

(
URL
)

Details

(Keywords: coverity, Whiteboard: [sg:dupe 334183])

found by coverity
first stack: CERT_DestroyCertificate CERT_FindCertIssuer seckey_UpdateCertPQGChain SECKEY_UpdateCertPQG CERT_ExtractPublicKey SECKEY_ConvertToPublicKey second stack: CERT_DestroyCertificate SECKEY_ConvertToPublicKey what really scares me is: 370 CERT_DestroyCertificate(cert); /* the first cert in the chain */ 371 return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */ i'm not sure that this free is detectable by callers!
URL: http://bonsai.mozilla.org/cvsblame.cg...http://bonsai.mozilla.org/cvsblame.cg...
*** This bug has been marked as a duplicate of 334183 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg:dupe 334183]
You need to log in before you can comment on or make changes to this bug.