Closed Bug 352041 Opened 18 years ago Closed 18 years ago

oom [@ CERT_DecodeDERCrlWithFlags] "extended" tracked as NULL was dereferenced.

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

3.11.4

People

(Reporter: timeless, Assigned: julien.pierre)

References

(
URL
)

Details

(Keywords: coverity, crash, Whiteboard: [CID 1026])

Crash Data

Attachments

(1 file)

Fix crash if extended is NULL . Also handle crl NULL case properly 18 years ago Julien Pierre 858 bytes, patch	alvolkov.bgs : review+ nelson : superreview+	Details \| Diff \| Splinter Review

timeless

Reporter

Description

•

18 years ago

Nelson Bolyard (seldom reads bugmail)

Comment 1

•

18 years ago

In function CERT_DecodeDERCrlWithFlags, when called with option CRL_DECODE_ADOPT_HEAP_DER = 1 and with option CRL_DECODE_KEEP_BAD_CRL = 1 and with option CRL_DECODE_DONT_COPY_DER = 0, and called with narena == NULL, if the attempt to allocate crl from the arena fails, then at label loser, we dereference a NULL pointer, the variable "extended", in this code: 571 loser: 572 if (options & CRL_DECODE_KEEP_BAD_CRL) { 573 extended->decodingError = PR_TRUE; <<-- crash 574 crl->referenceCount = 1; 575 return(crl); 576 }

OS: Linux → All

Priority: -- → P2

Hardware: PC → All

Whiteboard: [CID 1026]

Version: 3.11 → 3.11.2

Julien Pierre

Assignee

Updated

•

18 years ago

Assignee: nobody → julien.pierre.bugs

Julien Pierre

Assignee

Updated

•

18 years ago

Target Milestone: --- → 3.11.4

Julien Pierre

Assignee

Comment 2

•

18 years ago

Attached patch Fix crash if extended is NULL . Also handle crl NULL case properly — Details — Splinter Review

Attachment #237819 - Flags: superreview?(nelson)

Attachment #237819 - Flags: review?(alexei.volkov.bugs)

Alexei Volkov

Comment 3

•

18 years ago

Comment on attachment 237819 [details] [diff] [review] Fix crash if extended is NULL . Also handle crl NULL case properly r=alexei.volkov

Attachment #237819 - Flags: review?(alexei.volkov.bugs) → review+

Nelson Bolyard (seldom reads bugmail)

Updated

•

18 years ago

Attachment #237819 - Flags: superreview?(nelson) → superreview+

Julien Pierre

Assignee

Comment 4

•

18 years ago

Checked in to the tip : Checking in crl.c; /cvsroot/mozilla/security/nss/lib/certdb/crl.c,v <-- crl.c new revision: 1.54; previous revision: 1.53 And NSS_3_11_BRANCH : Checking in crl.c; /cvsroot/mozilla/security/nss/lib/certdb/crl.c,v <-- crl.c new revision: 1.49.24.4; previous revision: 1.49.24.3 done

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

14 years ago

Crash Signature: [@ CERT_DecodeDERCrlWithFlags]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

oom [@ CERT_DecodeDERCrlWithFlags] "extended" tracked as NULL was dereferenced.

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

People

(Reporter: timeless, Assigned: julien.pierre)

References

(
URL
)

Details

(Keywords: coverity, crash, Whiteboard: [CID 1026])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Comment 2

Comment 3

Updated

Comment 4

Updated

Attachment

General

Description

File Name

Content Type