Bug 353865 - klocwork Null ptr deref in softoken/pk11db.c
Status: RESOLVED FIXED
: klocwork
Product: NSS
Classification: Components
Component: Libraries
: trunk
: All All
: P2 normal
: 3.12
Assigned To: Alexei Volkov
Reported: 2006-09-22 13:32 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2006-10-30 16:29 PST

Attachments
check a pointer for NULL before calling sftk_EvaluateConfigDir (1.00 KB, patch)
2006-10-20 16:28 PDT, Alexei Volkov
nelson: review-
init lconfigdir (1.47 KB, patch)
2006-10-24 16:32 PDT, Alexei Volkov
nelson: review+

Description Nelson Bolyard (seldom reads bugmail) 2006-09-22 13:32:05 PDT
Klocwork ID 88483
Function: secmod_getSecmodName
Location: nss/lib/softoken/pk11db.c : 286

Pointer 'configdir' returned from call to function 'secmod_argFetchValue' 
at line 271 may be NULL and will be dereferenced by passing argument 1 to 
function 'sftk_EvaluateConfigDir' at line 286.

270	    while (*param) { 
271		SECMOD_HANDLE_STRING_ARG(param,configdir,"configDir=",;) 
272		SECMOD_HANDLE_STRING_ARG(param,secmodName,"secmod=",;) 
273		SECMOD_HANDLE_FINAL_ARG(param) 
274	   } 
286	   lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
Comment 1 Alexei Volkov 2006-10-20 16:28:51 PDT
Created attachment 242935
check a pointer for NULL before calling sftk_EvaluateConfigDir
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-10-20 16:37:43 PDT
Comment on attachment 242935
check a pointer for NULL before calling sftk_EvaluateConfigDir

>-   lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
>+   if (configdir) {
>+       lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
>+   }
>    if (lconfigdir) {
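
Review bot: the new `if (configdir)` block assigns `lconfigdir` only on the non-NULL path, but the unchanged `if (lconfigdir) {` right below it reads the variable on both paths. The declaration is not part of this hunk; unless it already initialises the pointer, set `lconfigdir = NULL` where it is declared (or add an `else` branch that does so) so that the test is well-defined when `configdir` is NULL.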

lconfigdir is uninitialized, so value is random if !configdir.
Comment 3 Alexei Volkov 2006-10-24 16:32:12 PDT
Created attachment 243410
init lconfigdir
Comment 4 Nelson Bolyard (seldom reads bugmail) 2006-10-24 18:30:21 PDT
Comment on attachment 243410
init lconfigdir

r=nelson
Comment 5 Alexei Volkov 2006-10-30 16:29:59 PST
/cvsroot/mozilla/security/nss/lib/softoken/pk11db.c,v  <--  pk11db.c
new revision: 1.38; previous revision: 1.37
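
An added example, not NSS code and not taken from either attachment: a self-contained C illustration of the pattern this bug is about, where an optional argument lookup can return NULL and its result feeds a callee that dereferences it. The names fetch_value, evaluate_dir and has_config_dir are hypothetical stand-ins, and the parameter strings are constructed; the caller applies both the NULL guard and the pointer initialisation raised in review.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the argument fetch: returns a malloc'd copy of
 * the value following `key` in a space-separated parameter string, or NULL
 * when the key is absent (or allocation fails). */
static char *fetch_value(const char *params, const char *key)
{
    const char *p = strstr(params, key);
    if (p == NULL)
        return NULL;
    p += strlen(key);
    size_t n = strcspn(p, " ");
    char *out = malloc(n + 1);
    if (out != NULL) {
        memcpy(out, p, n);
        out[n] = '\0';
    }
    return out;
}

/* Hypothetical stand-in for the evaluator: it dereferences `dir`
 * unconditionally, so the caller must never pass NULL. */
static const char *evaluate_dir(const char *dir)
{
    return (dir[0] == '\0') ? NULL : dir;
}

/* Returns 1 when a usable config directory was supplied, 0 otherwise. */
int has_config_dir(const char *params)
{
    char *configdir = fetch_value(params, "configDir=");
    const char *lconfigdir = NULL;   /* initialised: defined on every path */

    if (configdir != NULL)           /* guard the dereferencing callee */
        lconfigdir = evaluate_dir(configdir);
    int found = (lconfigdir != NULL);
    free(configdir);                 /* free(NULL) is a no-op */
    return found;
}

int main(void)
{
    /* Constructed input with no configDir= key: the guarded path. */
    printf("%d\n", has_config_dir("secmod=secmod.db"));
    return 0;
}
```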
