Last Comment Bug 353773 - klocwork Null ptr dereferences in pk11nobj.c
: klocwork Null ptr dereferences in pk11nobj.c
Status: RESOLVED FIXED
: klocwork
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: trunk
: All All
: P2 normal (vote)
: 3.12
Assigned To: Alexei Volkov
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-22 00:46 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2006-10-09 15:24 PDT (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
fixes (1.99 KB, patch)
2006-10-04 11:28 PDT, Alexei Volkov
nelson: review-
Details | Diff | Review
do not change error code returned by PK11_GetAllTokens (1.53 KB, patch)
2006-10-04 12:35 PDT, Alexei Volkov
nelson: review+
Details | Diff | Review

Description Nelson Bolyard (seldom reads bugmail) 2006-09-22 00:46:02 PDT
ID:       92202
Function: SEC_DeletePermCRL
Location: nss/lib/pk11wrap/pk11nobj.c : 550

Pointer 'object' returned from call to function 'nss_ZAlloc' at line 549 
may be NULL and will be dereferenced at line 550.

549	    object = nss_ZNEW(NULL, nssCryptokiObject); 
550	    object->token = nssToken_AddRef(token); 
551	    object->handle = crl->pkcs11ID; 
552	    object->isTokenObject = PR_TRUE; 

----

ID:       88551
Function: PK11_FindSMimeProfile
Location: nss/lib/pk11wrap/pk11nobj.c : 602

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 597 may be NULL and will be dereferenced at line 602.

597		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
598						PR_FALSE,PR_TRUE,NULL); 
599		PK11SlotListElement *le; 
602		for (le = list->head; le; le = le->next) {
Comment 1 Alexei Volkov 2006-10-04 11:28:02 PDT
Created attachment 241192 [details] [diff] [review]
fixes
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-10-04 11:47:02 PDT
Comment on attachment 241192 [details] [diff] [review]
fixes

If PK11_GetAllTokens returns NULL, that is a fatal error in itself. 
In that case, we should return NULL right away, without setting a
diffrent error code, such as SEC_ERROR_NO_KRL.
Comment 3 Alexei Volkov 2006-10-04 12:35:39 PDT
Created attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens
Comment 4 Nelson Bolyard (seldom reads bugmail) 2006-10-04 12:44:08 PDT
Comment on attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens

r=nelson for trunk
Comment 5 Alexei Volkov 2006-10-09 15:24:33 PDT
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11nobj.c,v  <--  pk11nobj.c
new revision: 1.8; previous revision: 1.7

Note You need to log in before you can comment on or make changes to this bug.