Closed Bug 334240 Opened 19 years ago Closed 19 years ago

double free in nsslowkey_ConvertToPublicKey if SECITEM_CopyItem or SECITEM_CopyItem fail

Categories

(NSS :: Libraries, defect, P2)

3.11
All
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.1

People

(Reporter: timeless, Assigned: alvolkov.bgs)

Details

(Keywords: coverity, fixed1.8.0.10, fixed1.8.1.1, Whiteboard: CID 500)

Attachments

(1 file)

PORT_FreeArena nsslowkey_DestroyPublicKey nsslowkey_ConvertToPublicKey PORT_FreeArena nsslowkey_ConvertToPublicKey
Assignee: kengert → nobody
Severity: blocker → critical
Priority: -- → P2
Target Milestone: --- → 3.11.1
Version: 4.0 → 3.11
Hardware: PC → All
Attached patch fix
remove nsslowkey_DestroyPublicKey(pubk) and make the arena (and the pubkey) be freed at the end of the function.
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #219167 - Flags: review?(nelson)
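The ownership pattern behind this report, as an added example that is not the NSS source or the attached patch: a toy arena stands in for the pool released by PORT_FreeArena and counts repeated release requests instead of corrupting the heap. It assumes the public key is allocated from the arena and that its destroy routine frees that arena; the names Arena, PubKey, copy_item, convert_buggy and convert_fixed are hypothetical.

```c
#include <stdlib.h>

/* Toy arena (hypothetical, not NSS's arena pool): one static slot, so a second
 * release request can be detected and counted instead of corrupting the heap. */
typedef struct { void *buf; size_t used; int live; } Arena;
static Arena slot;
static int double_frees;

static Arena *arena_new(void) {
    slot.buf = malloc(256); slot.used = 0; slot.live = (slot.buf != NULL);
    return slot.live ? &slot : NULL;
}
static void *arena_alloc(Arena *a, size_t n) {
    if (a->used + n > 256) return NULL;
    void *p = (char *)a->buf + a->used; a->used += n; return p;
}
static void arena_free(Arena *a) {
    if (!a->live) { double_frees++; return; }  /* second release of the same arena */
    free(a->buf); a->live = 0;
}

/* Assumption: the key lives inside the arena it points to, so destroying it frees the arena. */
typedef struct { Arena *arena; int type; } PubKey;
static void key_destroy(PubKey *k) { if (k && k->arena) arena_free(k->arena); }

/* Stand-in for a copy step (such as SECITEM_CopyItem) that can fail. */
static int copy_item(int fail) { return fail ? -1 : 0; }

/* Before: the error path destroys the key, then releases the same arena again. */
static PubKey *convert_buggy(int fail) {
    Arena *arena = arena_new();
    if (!arena) return NULL;
    PubKey *pubk = arena_alloc(arena, sizeof *pubk);
    pubk->arena = arena;
    if (copy_item(fail) == 0) return pubk;     /* success: caller owns key and arena */
    key_destroy(pubk);                         /* frees the arena ... */
    arena_free(arena);                         /* ... and so does this */
    return NULL;
}

/* After: no destroy call on the error path; one release at the end of the function. */
static PubKey *convert_fixed(int fail) {
    Arena *arena = arena_new();
    if (!arena) return NULL;
    PubKey *pubk = arena_alloc(arena, sizeof *pubk);
    pubk->arena = arena;
    if (copy_item(fail) == 0) return pubk;
    arena_free(arena);                         /* frees the arena and the key inside it */
    return NULL;
}
```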
Comment on attachment 219167 fix
r=nelson
Attachment #219167 - Flags: review?(nelson) → review+
tip:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v <-- lowkey.c
new revision: 1.7; previous revision: 1.6

3.11 branch:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v <-- lowkey.c
new revision: 1.6.30.1; previous revision: 1.6
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
CID 500
Whiteboard: CID 500
should this fix get picked up for the 2.0.0.4 firefox release?
Flags: blocking1.8.1.4?
Group: security