klocwork null ptr dereference in ocsp_DecodeResponseBytes

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

1.07 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Klocwork ID 87806
File      nss/lib/certhigh/ocsp.c
Function  ocsp_DecodeResponseBytes

Pointer 'rbytes' checked for NULL at line 1450 will be dereferenced at line 1453.

1449   PORT_Assert(rbytes != NULL);		/* internal error, really */ 
1450   if (rbytes == NULL) 
1451       PORT_SetError(SEC_ERROR_INVALID_ARGS); /* XXX set better error? */ 
1452	 
1453   rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType); 

Obviously, calling PORT_SetError at line 1451 doesn't solve the problem.
(Assignee)

Comment 1

11 years ago
Created attachment 240986
return null if rbytes is null
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #240986 - Flags: review?(nelson)
(Reporter)

Comment 2

11 years ago
Comment on attachment 240986
return null if rbytes is null

r=nelson
Attachment #240986 - Flags: review?(nelson) → review+
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Assignee)

Comment 3

11 years ago
/cvsroot/mozilla/security/nss/lib/certhigh/ocsp.c,v  <--  ocsp.c
new revision: 1.29; previous revision: 1.28
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
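
Added example, not part of the bug report or of NSS: the check-then-fall-through shape Klocwork flagged, next to a form where the failure path returns. Every name here is a hypothetical stand-in (DEMO_ASSERT, demo_set_error, find_tag, struct response_bytes), and it assumes the assertion compiles to nothing in a release build.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins only; none of these names are NSS identifiers. */
#define DEMO_ASSERT(expr) ((void)0) /* assumption: assert is a no-op in release builds */
enum { DEMO_OK = 0, DEMO_FAILURE = -1 };
enum { DEMO_ERR_NONE = 0, DEMO_ERR_INVALID_ARGS = 1 };
enum { TAG_UNKNOWN = 0, TAG_BASIC_RESPONSE = 1 };

struct response_bytes {
    const char *response_type; /* stands in for the responseType OID */
    int response_type_tag;
};

static int demo_last_error = DEMO_ERR_NONE;
static void demo_set_error(int e) { demo_last_error = e; }
int demo_get_error(void) { return demo_last_error; }

static int find_tag(const char *oid) { /* constructed lookup for one OID string */
    if (oid != NULL && strcmp(oid, "1.3.6.1.5.5.7.48.1.1") == 0)
        return TAG_BASIC_RESPONSE;
    return TAG_UNKNOWN;
}

/* Shape from the report: the error is recorded, then control falls through. */
int decode_flawed(struct response_bytes *rbytes) {
    DEMO_ASSERT(rbytes != NULL);
    if (rbytes == NULL)
        demo_set_error(DEMO_ERR_INVALID_ARGS);
    rbytes->response_type_tag = find_tag(rbytes->response_type); /* NULL is dereferenced here */
    return DEMO_OK;
}

/* Hardened: the failure path sets the error and leaves the function. */
int decode_checked(struct response_bytes *rbytes) {
    DEMO_ASSERT(rbytes != NULL);
    if (rbytes == NULL) {
        demo_set_error(DEMO_ERR_INVALID_ARGS);
        return DEMO_FAILURE;
    }
    rbytes->response_type_tag = find_tag(rbytes->response_type);
    return DEMO_OK;
}

int main(void) {
    int rc = decode_checked(NULL); /* decode_flawed(NULL) would crash instead */
    printf("rc = %d, error = %d\n", rc, demo_get_error());
    return 0;
}
```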