klocwork Null ptr dereferences in pk11cert.c

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

fix
6.40 KB, patch
Nelson Bolyard (seldom reads bugmail): review+
All these klocwork IDs are in 
File nss/lib/pk11wrap/pk11cert.c

Klocwork ID 88363
Function PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.

741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			             CERT_SortCBValidity, &now);
(Reporter)

Comment 1

11 years ago
ID:       92197
Function: PK11_FindCertFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 543

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 543 before NULL check at line 633
(Should be a null check between lines 542 and 543)

542	    nickCopy = PORT_Strdup(nickname); 
543	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       92198
Function: PK11_FindCertsFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 654

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 654 before NULL check at line 678
(Should be a null check between lines 653 and 654)

653	    nickCopy = PORT_Strdup(nickname); 
654	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       88363
Location: nss/lib/pk11wrap/pk11cert.c : 745
Function: PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.


741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			CERT_SortCBValidity, &now); 

----

ID:       92199
Function: PK11_ImportCert
Location: nss/lib/pk11wrap/pk11cert.c : 840

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 837 may be NULL and will be dereferenced at line 840.

834	    if (cert->nssCertificate) { 
835		c = cert->nssCertificate; 
836	    } else { 
837		c = STAN_GetNSSCertificate(cert); 
838	    } 
840	    if (c->object.cryptoContext) { 

----

ID:       88377
Function: PK11_NumberCertsForCertSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1675

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1669 may be NULL and will be dereferenced at line 1675.

1669	PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1670							PR_FALSE,PR_TRUE,NULL); 
1671	PK11SlotListElement *le; 
1675	for (le = list->head; le; le = le->next) { 

----- 

ID:       88391
Function: PK11_TraverseCertsForSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1701

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1696 may be NULL and will be dereferenced at line 1701.

1696		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1697						PR_FALSE,PR_TRUE,NULL); 
1698		PK11SlotListElement *le; 
1701		for (le = list->head; le; le = le->next) { 

------

ID:       88382
Function: PK11_FindBestKEAMatch
Location: nss/lib/pk11wrap/pk11cert.c : 2141

Pointer 'keaList' returned from call to function 'PK11_GetAllTokens' at 
line 2134 may be NULL and will be dereferenced at line 2141.

2134	    PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE, 
2135						PR_FALSE,PR_TRUE,wincx); 
2136	    PK11SlotListElement *le; 
2141	    for (le = keaList->head; le; le = le->next) { 

----

ID:       92200
Function: listCertsCallback
Location: nss/lib/pk11wrap/pk11cert.c : 2412

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 2410 may be NULL and will be dereferenced at line 2412.

2410	    NSSCertificate *c = STAN_GetNSSCertificate(cert); 
2411	 
2412	    instances = nssPKIObject_GetInstances(&c->object); 
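
The check that IDs 92197 and 92198 ask for, placed between the string copy and its first use, is shown below as an added example that is not part of the bug report, the attached patch or the NSS source. `split_nickname`, `dup_string`, the `fail_next_alloc` switch and the sample nickname are all hypothetical and constructed for illustration; `dup_string` stands in for `PORT_Strdup`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault injection: when nonzero, the next dup_string() call
 * returns NULL, standing in for PORT_Strdup failing on out-of-memory. */
static int fail_next_alloc = 0;

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = fail_next_alloc ? NULL : malloc(n);
    fail_next_alloc = 0;
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* Hypothetical helper, not an NSS function: copy nickname, split at the first
 * ':'. Returns the copy (caller frees) or NULL; *prefix is NULL without ':'. */
char *split_nickname(const char *nickname, const char **prefix, const char **rest)
{
    char *copy, *delimit;
    *prefix = *rest = NULL;
    if (nickname == NULL)
        return NULL;
    copy = dup_string(nickname);
    if (copy == NULL)   /* the check belongs here, before strchr uses copy */
        return NULL;
    delimit = strchr(copy, ':');
    if (delimit != NULL) {
        *delimit = '\0';
        *prefix = copy;
        *rest = delimit + 1;
    } else {
        *rest = copy;
    }
    return copy;
}

int main(void)
{
    const char *prefix, *rest;
    char *copy = split_nickname("MyToken:server-cert", &prefix, &rest); /* constructed sample */
    if (copy == NULL)
        return 1;
    printf("prefix=%s rest=%s\n", prefix, rest);
    free(copy);
    return 0;
}
```

Forcing the allocation to fail in a test is what exercises the path the static analyzer flagged; without the early return, `strchr` would receive NULL.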
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Assignee)

Comment 2

11 years ago
Created attachment 243544
fix
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #243544 - Flags: review?(nelson)
(Reporter)

Comment 3

11 years ago
Comment on attachment 243544
fix

r=nelson
Attachment #243544 - Flags: review?(nelson) → review+
(Assignee)

Comment 4

11 years ago
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11cert.c,v  <--  pk11cert.c
new revision: 1.155; previous revision: 1.154
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED