The default bug view has changed. See this FAQ.

klocwork Null ptr dereferences in pk11nobj.c

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

1.53 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
ID:       92202
Function: SEC_DeletePermCRL
Location: nss/lib/pk11wrap/pk11nobj.c : 550

Pointer 'object' returned from call to function 'nss_ZAlloc' at line 549 
may be NULL and will be dereferenced at line 550.

549	    object = nss_ZNEW(NULL, nssCryptokiObject); 
550	    object->token = nssToken_AddRef(token); 
551	    object->handle = crl->pkcs11ID; 
552	    object->isTokenObject = PR_TRUE; 

----

ID:       88551
Function: PK11_FindSMimeProfile
Location: nss/lib/pk11wrap/pk11nobj.c : 602

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 597 may be NULL and will be dereferenced at line 602.

597		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
598						PR_FALSE,PR_TRUE,NULL); 
599		PK11SlotListElement *le; 
602		for (le = list->head; le; le = le->next) {
(Assignee)

Comment 1

11 years ago
Created attachment 241192 [details] [diff] [review]
fixes
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241192 - Flags: review?(nelson)
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Reporter)

Comment 2

11 years ago
Comment on attachment 241192 [details] [diff] [review]
fixes

If PK11_GetAllTokens returns NULL, that is a fatal error in itself. 
In that case, we should return NULL right away, without setting a
diffrent error code, such as SEC_ERROR_NO_KRL.
Attachment #241192 - Flags: review?(nelson) → review-
(Assignee)

Comment 3

11 years ago
Created attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens
Attachment #241192 - Attachment is obsolete: true
Attachment #241202 - Flags: review?(nelson)
(Reporter)

Comment 4

11 years ago
Comment on attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens

r=nelson for trunk
Attachment #241202 - Flags: review?(nelson) → review+
(Assignee)

Comment 5

11 years ago
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11nobj.c,v  <--  pk11nobj.c
new revision: 1.8; previous revision: 1.7
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.