Closed
Bug 340018
Opened 19 years ago
Closed 19 years ago
Coverity 222 & 223, NSSCKFWC_InitToken passes NULL to nssCKFWToken_Destroy
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: nelson, Assigned: nelson)
Details
(Keywords: coverity, Whiteboard: [CID 216 217 218 219 220 221 222 223])
Attachments
(1 file)
|
2.32 KB,
patch
|
rrelyea
:
review+
alvolkov.bgs
:
review+
|
Details | Diff | Splinter Review |
In NSSCKFWC_InitToken, there are numerous error paths that set variable
"error" to some non-zero value and then go to loser. Many of these paths
have the effect that variable fwToken is NULL when label loser is reached.
At label loser, a switch on the variable "error" will cause fwToken to be
passed to nssCKFWToken_Destroy, which will dereference it.
|
Assignee | |
Comment 1•19 years ago
|
||
Coverity CID 220 & CID 221
This same problem is present in NSSCKFWC_GetTokenInfo.
Coverity CID 218 and CID 219
Same problem in NSSCKFWC_GetMechanismList
Coverity CID 216 & CID 217
Same problem in NSSCKFWC_GetMechanismInfo
I think the solution in all these functiosn is to change one line of
duplicated code, as follows:
646 loser:
647 switch( error ) {
At conditional (3): "error == 50" taking true path
648 case CKR_DEVICE_REMOVED:
649 case CKR_TOKEN_NOT_PRESENT:
650- (void)nssCKFWToken_Destroy(fwToken);
650+ if (fwToken) (void)nssCKFWToken_Destroy(fwToken);
651 break;
Priority: -- → P2
Summary: Coverity 222, NSSCKFWC_InitToken passes NULL to nssCKFWToken_Destroy → Coverity 222 & 223, NSSCKFWC_InitToken passes NULL to nssCKFWToken_Destroy
Target Milestone: --- → 3.11.2
|
|
Assignee | |
Comment 2•19 years ago
|
||
Bob, please review
|
|
Assignee | |
Updated•19 years ago
|
Attachment #224832 -
Flags: review?(alexei.volkov.bugs)
|
||
Comment 3•19 years ago
|
||
Comment on attachment 224832 [details] [diff] [review]
patch v1
r=alexei.volkov
Attachment #224832 -
Flags: review?(alexei.volkov.bugs) → review+
|
|
Assignee | |
Comment 4•19 years ago
|
||
Don't call nssCKFWToken_Destroy with NULL. Bug 340018. r=alexei.volkov
Checking in wrap.c; new revision: 1.13.2.1; previous revision: 1.13
Checking in wrap.c; new revision: 1.15; previous revision: 1.14
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•19 years ago
|
Whiteboard: [CID 216 217 218 219 220 221 222 223]
|
||
Comment 5•19 years ago
|
||
Comment on attachment 224832 [details] [diff] [review]
patch v1
r+
Attachment #224832 -
Flags: review?(rrelyea) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•