klocwork Null ptr dereferences in pk11nobj.c

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

({klocwork})

trunk
3.12
klocwork

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

1.53 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
ID:       92202
Function: SEC_DeletePermCRL
Location: nss/lib/pk11wrap/pk11nobj.c : 550

Pointer 'object' returned from call to function 'nss_ZAlloc' at line 549 
may be NULL and will be dereferenced at line 550.

549	    object = nss_ZNEW(NULL, nssCryptokiObject); 
550	    object->token = nssToken_AddRef(token); 
551	    object->handle = crl->pkcs11ID; 
552	    object->isTokenObject = PR_TRUE; 

----

ID:       88551
Function: PK11_FindSMimeProfile
Location: nss/lib/pk11wrap/pk11nobj.c : 602

Pointer 'list' returned from call to function 'PK11_GetAllTokens' at 
line 597 may be NULL and will be dereferenced at line 602.

597		PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, 
598						PR_FALSE,PR_TRUE,NULL); 
599		PK11SlotListElement *le; 
602		for (le = list->head; le; le = le->next) {
(Assignee)

Comment 1

11 years ago
Created attachment 241192 [details] [diff] [review]
fixes
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241192 - Flags: review?(nelson)
(Reporter)

Updated

11 years ago
Priority: -- → P2
Target Milestone: --- → 3.12
(Reporter)

Comment 2

11 years ago
Comment on attachment 241192 [details] [diff] [review]
fixes

If PK11_GetAllTokens returns NULL, that is a fatal error in itself. 
In that case, we should return NULL right away, without setting a
diffrent error code, such as SEC_ERROR_NO_KRL.
Attachment #241192 - Flags: review?(nelson) → review-
(Assignee)

Comment 3

11 years ago
Created attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens
Attachment #241192 - Attachment is obsolete: true
Attachment #241202 - Flags: review?(nelson)
(Reporter)

Comment 4

11 years ago
Comment on attachment 241202 [details] [diff] [review]
do not change error code returned by PK11_GetAllTokens

r=nelson for trunk
Attachment #241202 - Flags: review?(nelson) → review+
(Assignee)

Comment 5

11 years ago
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11nobj.c,v  <--  pk11nobj.c
new revision: 1.8; previous revision: 1.7
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.