Closed
Bug 334240
Opened 19 years ago
Closed 19 years ago
double free in nsslowkey_ConvertToPublicKey if SECITEM_CopyItem or SECITEM_CopyItem fail
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: timeless, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, fixed1.8.0.10, fixed1.8.1.1, Whiteboard: CID 500)
Attachments
(1 file)
|
952 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
PORT_FreeArena
nsslowkey_DestroyPublicKey
nsslowkey_ConvertToPublicKey
PORT_FreeArena
nsslowkey_ConvertToPublicKey
|
||
Updated•19 years ago
|
Assignee: kengert → nobody
|
||
Updated•19 years ago
|
Severity: blocker → critical
Priority: -- → P2
Target Milestone: --- → 3.11.1
Version: 4.0 → 3.11
|
|
||
Updated•19 years ago
|
Hardware: PC → All
|
Assignee | |
Comment 1•19 years ago
|
||
remove nsslowkey_DestroyPublicKey (pubk) and make arena(and the pubkey) to be freed at the and of the function.
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #219167 -
Flags: review?(nelson)
|
|
||
Comment 2•19 years ago
|
||
Comment on attachment 219167 [details] [diff] [review]
fix
r=nelson
Attachment #219167 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 3•19 years ago
|
||
tip:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v <-- lowkey.c
new revision: 1.7; previous revision: 1.6
3.11 branch:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v <-- lowkey.c
new revision: 1.6.30.1; previous revision: 1.6
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Comment 5•18 years ago
|
||
should this fix get picked up for the 2.0.0.4 firefox release?
Flags: blocking1.8.1.4?
|
||
Updated•18 years ago
|
Flags: blocking1.8.1.4?
Keywords: fixed1.8.0.10,
fixed1.8.1.1
|
|
||
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•