Closed
Bug 337495
Opened 18 years ago
Closed 18 years ago
Coverity Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c)
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: kherron+mozilla, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, Whiteboard: [CID 944])
Attachments
(2 files)
948 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
5.10 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
This is coverity CID 944. Please refer to the sample URL. At line 339, |derDest.data| is freed. If the test on line 340 succeeds, execution branches to line 346 where |derDest.data| is freed again a few lines later.
Reporter | ||
Updated•18 years ago
|
Whiteboard: [good first bug]
Updated•18 years ago
|
Target Milestone: --- → 3.11.2
Comment 1•18 years ago
|
||
Yup, it's a double-free allright.
Severity: normal → critical
Priority: -- → P2
Version: unspecified → 3.11
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → alexei.volkov.bugs
Assignee | ||
Comment 2•18 years ago
|
||
Attachment #222750 -
Flags: review?(nelson)
Comment 3•18 years ago
|
||
Comment on attachment 222750 [details] [diff] [review] fix This code could surely use some comments, and some variables should be renamed. For example, derDest should be derTemp, because it is NOT the destination, but only a temporary holder. But this patch appears to correctly fix the bug it targets. r=nelson
Attachment #222750 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 4•18 years ago
|
||
Bug fix integration: trunk: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.5; previous revision: 1.4 3.11 branch: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.3.28.2; previous revision: 1.3.28.1
Assignee | ||
Comment 5•18 years ago
|
||
Attachment #222949 -
Flags: review?(nelson)
Comment 6•18 years ago
|
||
Comment on attachment 222949 [details] [diff] [review] variable rename r=nelson
Attachment #222949 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 7•18 years ago
|
||
second patch integration: trunk: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.6; previous revision: 1.5 3.11 branch: /cvsroot/mozilla/security/nss/lib/crmf/crmfpop.c,v <-- crmfpop.c new revision: 1.3.28.3; previous revision: 1.3.28.2
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•18 years ago
|
Summary: Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c) → Coverity Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c)
You need to log in
before you can comment on or make changes to this bug.
Description
•