Bug 336992 (Closed)
crash [@ pk11_DoKeys] "arg" Pointer dereferenced before NULL check
Opened 18 years ago, closed 18 years ago
Categories: NSS :: Libraries, defect, P3
Tracking: Not tracked
Status: RESOLVED FIXED (3.11.2)
People: Reporter: timeless, Assigned: alvolkov.bgs
Details: Keywords: coverity, crash, Whiteboard: [CID 312]
Attachments (1 file): patch, 926 bytes; nelson: review+, wtc: review+
Comment 2•18 years ago
I'm surprised this is listed as "crash" and not as "useless NULL check" or even "dead code". An inspection of the code shows that there is only one path into pk11_DoKeys: PK11_TraversePrivateKeysInSlot calls PK11_TraverseSlot, passing pk11_DoKeys and the non-null stack address of a data structure to it. PK11_TraverseSlot then calls pk11_DoKeys with that structure address, which cannot be NULL. So, I'm downgrading the severity to "trivial".
Severity: critical → trivial
OS: Linux → All
Priority: -- → P3
Hardware: PC → All
Comment 3•18 years ago
Comment on attachment 221197 [details] [diff] [review] look before leaping r=nelson > pk11KeyCallback *keycb = (pk11KeyCallback *) arg; >+ if (!arg) { Should set an error code here. But caller will ignore it. >+ return SECFailure; >+ }
Attachment #221197 - Flags: review?(nelson) → review+
Updated•18 years ago
Target Milestone: --- → 3.11.2
Assignee: timeless → alexei.volkov.bugs
Status: ASSIGNED → NEW
Comment 4•18 years ago (Assignee)
trunk
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v <-- pk11akey.c
new revision: 1.14; previous revision: 1.13

3.11 branch
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v <-- pk11akey.c
new revision: 1.9.2.4; previous revision: 1.9.2.3
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 5•18 years ago
Comment on attachment 221197 [details] [diff] [review] look before leaping r=wtc. > pk11KeyCallback *keycb = (pk11KeyCallback *) arg; >+ if (!arg) { >+ return SECFailure; >+ } I would test 'keycb' instead of 'arg' here.
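Review bot: the early return inside the added `if (!arg)` block reports SECFailure without setting an error code, so any caller that does consult the error state would see a stale value left over from an earlier call. Set one before the return, for example PORT_SetError(SEC_ERROR_INVALID_ARGS). Placing the test directly after the `(pk11KeyCallback *) arg` cast is fine, since the cast alone does not dereference the pointer.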
Attachment #221197 - Flags: review+
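The call path described in Comment 2 and the guard from the patch, modeled as an added example (not NSS code and not part of the original bug). Every Demo*/demo_* name is hypothetical, and recording an error code on the failure path follows the reviewer's suggestion in Comment 3.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins; none of these names are NSS identifiers. */
typedef enum { DEMO_SUCCESS = 0, DEMO_FAILURE = -1 } DemoStatus;
enum { DEMO_ERR_NONE = 0, DEMO_ERR_INVALID_ARGS = 1 };
int demo_last_error = DEMO_ERR_NONE;

typedef DemoStatus (*DemoKeyFn)(int key, void *arg);
typedef struct { DemoKeyFn callback; void *callbackArg; } DemoKeyCallback;

/* Per-object callback: validate the context before the first dereference
 * and record why the call failed. */
DemoStatus demo_do_keys(int key, void *arg)
{
    DemoKeyCallback *keycb = (DemoKeyCallback *)arg; /* cast only, no dereference */
    if (keycb == NULL || keycb->callback == NULL) {
        demo_last_error = DEMO_ERR_INVALID_ARGS;
        return DEMO_FAILURE;
    }
    return keycb->callback(key, keycb->callbackArg);
}

/* Generic traversal: hands every key to fn and stops at the first failure. */
DemoStatus demo_traverse(const int *keys, size_t n, DemoKeyFn fn, void *arg)
{
    for (size_t i = 0; i < n; i++) {
        if (fn(keys[i], arg) != DEMO_SUCCESS) return DEMO_FAILURE;
    }
    return DEMO_SUCCESS;
}

/* Only entry point in this model: the context lives on the stack, so the
 * pointer that reaches demo_do_keys on this path is never NULL. */
DemoStatus demo_traverse_keys(const int *keys, size_t n, DemoKeyFn cb, void *cbArg)
{
    DemoKeyCallback ctx = { cb, cbArg };
    return demo_traverse(keys, n, demo_do_keys, &ctx);
}

/* Sample user callback: counts the keys it is shown. */
DemoStatus demo_count(int key, void *arg) { (void)key; ++*(int *)arg; return DEMO_SUCCESS; }

int main(void)
{
    int keys[] = { 11, 22, 33 }; /* constructed sample data */
    int seen = 0;
    DemoStatus ok = demo_traverse_keys(keys, 3, demo_count, &seen);
    DemoStatus bad = demo_do_keys(1, NULL); /* direct call, outside the normal path */
    printf("traverse rv=%d seen=%d; NULL arg rv=%d err=%d\n", ok, seen, bad, demo_last_error);
    return 0;
}
```

The guard costs nothing on the stack-allocated path and keeps the callback safe if a second caller is ever added.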
Updated•13 years ago
Crash Signature: [@ pk11_DoKeys]