Closed
Bug 353739
Opened 18 years ago
Closed 18 years ago
Klocwork Null ptr dereferences in instance.c
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: nelson, Assigned: alvolkov.bgs)
Details
(Keywords: klocwork)
Attachments
(1 file, 1 obsolete file)
|
2.77 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Klocwork ID 92337
File nss/lib/ckfw/instance.c
Function nssCKFWInstance_DestroySessionHandle
Pointer 'fwSession' returned from call to function 'nssCKFWHash_Lookup' at
line 671 may be NULL and will be dereferenced by passing argument 1 to
function 'nssCKFWSession_SetHandle' at line 675.
Klocwork ID 92338
File nss/lib/ckfw/instance.c
Function nssCKFWInstance_ReassignObjectHandle
Pointer 'oldObject' returned from call to function 'nssCKFWHash_Lookup' at
line 816 may be NULL and will be dereferenced by passing argument 1 to
function 'nssCKFWObject_SetHandle' at line 819.
Klocwork ID 92339
File nss/lib/ckfw/instance.c
Function nssCKFWInstance_DestroyObjectHandle
Pointer 'fwObject' returned from call to function 'nssCKFWHash_Lookup' at
line 857 may be NULL and will be dereferenced by passing argument 1 to
function 'nssCKFWObject_SetHandle' at line 861.
|
Reporter | |
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12
|
Assignee | |
Comment 1•18 years ago
|
||
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241206 -
Flags: review?(nelson)
|
|
Reporter | |
Comment 2•18 years ago
|
||
Comment on attachment 241206 [details] [diff] [review]
check pointer value returned by nssCKFWHash_Lookup
This change appears in two places:
> fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
> fwInstance->sessionHandleHash, (const void *)hSession);
>-
>+ if (!fwSession) {
>+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
>+ return;
>+ }
>+
> nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
> nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
>
> (void)nssCKFWMutex_Unlock(fwInstance->mutex);
>
> return;
In both places, I'd rather see
> fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
> fwInstance->sessionHandleHash, (const void *)hSession);
>-
>- nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
>- nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
>+ if (fwSession) {
>+ nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
>+ nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
>+ }
>
> (void)nssCKFWMutex_Unlock(fwInstance->mutex);
>
> return;
Attachment #241206 -
Flags: review?(nelson) → review-
|
|
Assignee | |
Comment 3•18 years ago
|
||
Attachment #241206 -
Attachment is obsolete: true
Attachment #241214 -
Flags: review?(nelson)
|
|
Reporter | |
Comment 4•18 years ago
|
||
Comment on attachment 241214 [details] [diff] [review]
fix as suggested
r=nelson for trunk
Attachment #241214 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 5•18 years ago
|
||
/cvsroot/mozilla/security/nss/lib/ckfw/instance.c,v <-- instance.c
new revision: 1.11; previous revision: 1.10
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•