Closed
Bug 353865
Opened 18 years ago
Closed 18 years ago
klocwork Null ptr deref in softoken/pk11db.c
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: nelson, Assigned: alvolkov.bgs)
Details
(Keywords: klocwork)
Attachments
(1 file, 1 obsolete file)
1.47 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Klocwork ID 88483 Function: secmod_getSecmodName Location: nss/lib/softoken/pk11db.c : 286 Pointer 'configdir' returned from call to function 'secmod_argFetchValue' at line 271 may be NULL and will be dereferenced by passing argument 1 to function 'sftk_EvaluateConfigDir' at line 286. 270 while (*param) { 271 SECMOD_HANDLE_STRING_ARG(param,configdir,"configDir=",;) 272 SECMOD_HANDLE_STRING_ARG(param,secmodName,"secmod=",;) 273 SECMOD_HANDLE_FINAL_ARG(param) 274 } 286 lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
Reporter | ||
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12
Assignee | ||
Comment 1•18 years ago
|
||
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #242935 -
Flags: review?(nelson)
Reporter | ||
Comment 2•18 years ago
|
||
Comment on attachment 242935 [details] [diff] [review] check a pointer for NULL before calling sftk_EvaluateConfigDir >- lconfigdir = sftk_EvaluateConfigDir(configdir, appName); >+ if (configdir) { >+ lconfigdir = sftk_EvaluateConfigDir(configdir, appName); >+ } > if (lconfigdir) { lconfigdir is uninitialized, so value is random if !confidir.
Attachment #242935 -
Flags: review?(nelson) → review-
Assignee | ||
Comment 3•18 years ago
|
||
Attachment #242935 -
Attachment is obsolete: true
Attachment #243410 -
Flags: review?(nelson)
Reporter | ||
Comment 4•18 years ago
|
||
Comment on attachment 243410 [details] [diff] [review] init lconfigdir r=nelson
Attachment #243410 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 5•18 years ago
|
||
/cvsroot/mozilla/security/nss/lib/softoken/pk11db.c,v <-- pk11db.c new revision: 1.38; previous revision: 1.37
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•