Closed Bug 337495 Opened 19 years ago Closed 19 years ago

Coverity Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c)

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.2

People

(Reporter: kherron+mozilla, Assigned: alvolkov.bgs)

References

(
URL
)

Details

(Keywords: coverity, Whiteboard: [CID 944])

Attachments

(2 files)

fix
948 bytes, patch
nelson
: review+
Details | Diff | Splinter Review
variable rename
5.10 KB, patch
nelson
: review+
Details | Diff | Splinter Review
This is coverity CID 944. Please refer to the sample URL. At line 339, |derDest.data| is freed. If the test on line 340 succeeds, execution branches to line 346 where |derDest.data| is freed again a few lines later.
Whiteboard: [good first bug]
Target Milestone: --- → 3.11.2
Yup, it's a double-free allright.
Severity: normal → critical
Priority: -- → P2
Version: unspecified → 3.11
Assignee: nobody → alexei.volkov.bugs
Attached patch fixSplinter Review
Attachment #222750 - Flags: review?(nelson)
Comment on attachment 222750 [details] [diff] [review] fix This code could surely use some comments, and some variables should be renamed. For example, derDest should be derTemp, because it is NOT the destination, but only a temporary holder. But this patch appears to correctly fix the bug it targets. r=nelson
Attachment #222750 - Flags: review?(nelson) → review+
Bug fix integration: trunk: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.5; previous revision: 1.4 3.11 branch: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.3.28.2; previous revision: 1.3.28.1
Attached patch variable renameSplinter Review
Attachment #222949 - Flags: review?(nelson)
Comment on attachment 222949 [details] [diff] [review] variable rename r=nelson
Attachment #222949 - Flags: review?(nelson) → review+
second patch integration: trunk: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.6; previous revision: 1.5 3.11 branch: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.3.28.3; previous revision: 1.3.28.2
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
CID 944
Whiteboard: [good first bug] → [CID 944]
Summary: Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c) → Coverity Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: