Closed Bug 336971 Opened 19 years ago Closed 19 years ago

Coverity crash [@ SEC_PKCS12DecoderGetCerts] "p12dcx" Pointer dereferenced before NULL check

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Platform:
All
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.2

People

(Reporter: timeless, Assigned: nelson)

References

(
URL
)

Details

(Keywords: coverity, crash, Whiteboard: CID 625)

Crash Data

Attachments

(2 files, 1 obsolete file)

patch for NSS_3_11_BRANCH
702 bytes, patch
alvolkov.bgs
: review+
Details | Diff | Splinter Review
patch for the trunk
735 bytes, patch
alvolkov.bgs
: review+
Details | Diff | Splinter Review
If you really don't think it's legal for someone to pass null here, then please remove the null check and add an assert. Based on the fact that the code now tries to use PORT_SetError(SEC_ERROR_INVALID_ARGS), it seems pretty clear in my mind that the null check should be moved before the dereference
Attached patch look before leaping (obsolete) — Splinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #221184 - Flags: review?(nelson)
Comment on attachment 221184 [details] [diff] [review] look before leaping Here's a simpler patch that is preferable, IMO. >Index: mozilla/security/nss/lib/pkcs12/p12d.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v >retrieving revision 1.32 >diff -u -r1.32 mozilla/security/nss/lib/pkcs12/p12d.c >--- mozilla/security/nss/lib/pkcs12/p12d.c >+++ mozilla/security/nss/lib/pkcs12/p12d.c >@@ -2540,10 +2540,16 @@ > SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx) > { > CERTCertList *certList = NULL; >- sec_PKCS12SafeBag **safeBags = p12dcx->safeBags; >+ sec_PKCS12SafeBag **safeBags; > int i; > > if (!p12dcx || !p12dcx->safeBags || !p12dcx->safeBags[0]) { > PORT_SetError(SEC_ERROR_INVALID_ARGS); > return NULL; > } >+ safeBags = p12dcx->safeBags;
Attachment #221184 - Flags: review?(nelson) → review-
Hardware: PC → All
Target Milestone: --- → 3.11.2
Priority: -- → P2
taking.
Assignee: timeless → nelson
Status: ASSIGNED → NEW
This patch is for the NSS_3_11_BRANCH, which has diverged from the trunk. :( Alexei, please review.
Attachment #221184 - Attachment is obsolete: true
Attachment #222456 - Flags: review?(alexei.volkov.bugs)
This is the corresponding patch for the trunk. The difference between the two patches is the presence of a new PORT_SetError call. Reviewers, please ensure that the statement safeBags = p12dcx->safeBags; occurs after the block that detects that p12dcx is NULL.
Attachment #222457 - Flags: review?(alexei.volkov.bugs)
Attachment #222456 - Flags: review?(alexei.volkov.bugs) → review+
Attachment #222457 - Flags: review?(alexei.volkov.bugs) → review+
Checking in p12d.c; new revision: 1.33; previous revision: 1.32 Checking in p12d.c; new revision: 1.29.2.2; previous revision: 1.29.2.1 Thanks for the quick reviews.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
CID 625
Whiteboard: CID 625
Summary: crash [@ SEC_PKCS12DecoderGetCerts] "p12dcx" Pointer dereferenced before NULL check → Coverity crash [@ SEC_PKCS12DecoderGetCerts] "p12dcx" Pointer dereferenced before NULL check
Crash Signature: [@ SEC_PKCS12DecoderGetCerts]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: