The default bug view has changed. See this FAQ.

klocwork Null ptr dereferences in pk11cert.c

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

fix
6.40 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
All these klocwork IDs are in 
File nss/lib/pk11wrap/pk11cert.c

Klocwork ID 88363
Function PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.

741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			             CERT_SortCBValidity, &now);
(Reporter)

Comment 1

11 years ago
ID:       92197
Function: PK11_FindCertFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 543

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 543 before NULL check at line 633
(Should be a null check between lines 542 and 543)

542	    nickCopy = PORT_Strdup(nickname); 
543	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       92198
Function: PK11_FindCertsFromNickname
Location: nss/lib/pk11wrap/pk11cert.c : 654

Suspicious dereference of pointer 'nickCopy' by passing argument 1 to 
function 'strchr' at line 654 before NULL check at line 678
(Should be a null check between lines 653 and 654)

653	    nickCopy = PORT_Strdup(nickname); 
654	    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) { 

----

ID:       88363
Location: nss/lib/pk11wrap/pk11cert.c : 745
Function: PK11_FindCertsFromNickname

Pointer 'certList' returned from call to function 'CERT_NewCertList' at 
line 739 may be NULL and may be dereferenced by passing argument 1 to 
function 'CERT_AddCertToListSorted' at line 745.


741	    CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c); 
742	    /* c may be invalid after this, don't reference it */ 
743	    if (certCert) { 
744	        /* CERT_AddCertToListSorted adopts certCert  */ 
745		CERT_AddCertToListSorted(certList, certCert, 
746			CERT_SortCBValidity, &now); 

----

ID:       92199
Function: PK11_ImportCert
Location: nss/lib/pk11wrap/pk11cert.c : 840

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 837 may be NULL and will be dereferenced at line 840.

834	    if (cert->nssCertificate) { 
835		c = cert->nssCertificate; 
836	    } else { 
837		c = STAN_GetNSSCertificate(cert); 
838	    } 
840	    if (c->object.cryptoContext) { 

----

ID:       88377
Function: PK11_NumberCertsForCertSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1675

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1669 may be NULL and will be dereferenced at line 1675.

1669	PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1670							PR_FALSE,PR_TRUE,NULL); 
1671	PK11SlotListElement *le; 
1675	for (le = list->head; le; le = le->next) { 

----- 

ID:       88391
Function: PK11_TraverseCertsForSubject
Location: nss/lib/pk11wrap/pk11cert.c : 1701

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 1696 may be NULL and will be dereferenced at line 1701.

1696		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
1697						PR_FALSE,PR_TRUE,NULL); 
1698		PK11SlotListElement *le; 
1701		for (le = list->head; le; le = le->next) { 

------

ID:       88382
Function: PK11_FindBestKEAMatch
Location: nss/lib/pk11wrap/pk11cert.c : 2141

Pointer 'keaList' returned from call to function 'PK11_GetAllTokens' at 
line 2134 may be NULL and will be dereferenced at line 2141.

2134	    PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE, 
2135						PR_FALSE,PR_TRUE,wincx); 
2136	    PK11SlotListElement *le; 
2141	    for (le = keaList->head; le; le = le->next) { 

----

ID:       92200
Function: listCertsCallback
Location: nss/lib/pk11wrap/pk11cert.c : 2412

Pointer 'c' returned from call to function 'STAN_GetNSSCertificate' at 
line 2410 may be NULL and will be dereferenced at line 2412.

2410	    NSSCertificate *c = STAN_GetNSSCertificate(cert); 
2411	 
2412	    instances = nssPKIObject_GetInstances(&c->object); 
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Assignee)

Comment 2

11 years ago
Created attachment 243544 [details] [diff] [review]
fix
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #243544 - Flags: review?(nelson)
(Reporter)

Comment 3

11 years ago
Comment on attachment 243544 [details] [diff] [review]
fix

r=nelson
Attachment #243544 - Flags: review?(nelson) → review+
(Assignee)

Comment 4

11 years ago
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11cert.c,v  <--  pk11cert.c
new revision: 1.155; previous revision: 1.154
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.