Closed
Bug 353865
Opened 18 years ago
Closed 18 years ago
klocwork Null ptr deref in softoken/pk11db.c
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: nelson, Assigned: alvolkov.bgs)
Details
(Keywords: klocwork)
Attachments
(1 file, 1 obsolete file)
|
1.47 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Klocwork ID 88483
Function: secmod_getSecmodName
Location: nss/lib/softoken/pk11db.c : 286
Pointer 'configdir' returned from call to function 'secmod_argFetchValue'
at line 271 may be NULL and will be dereferenced by passing argument 1 to
function 'sftk_EvaluateConfigDir' at line 286.
270 while (*param) {
271 SECMOD_HANDLE_STRING_ARG(param,configdir,"configDir=",;)
272 SECMOD_HANDLE_STRING_ARG(param,secmodName,"secmod=",;)
273 SECMOD_HANDLE_FINAL_ARG(param)
274 }
286 lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
|
Reporter | |
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12
|
Assignee | |
Comment 1•18 years ago
|
||
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #242935 -
Flags: review?(nelson)
|
|
Reporter | |
Comment 2•18 years ago
|
||
Comment on attachment 242935 [details] [diff] [review]
check a pointer for NULL before calling sftk_EvaluateConfigDir
>- lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
>+ if (configdir) {
>+ lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
>+ }
> if (lconfigdir) {
lconfigdir is uninitialized, so value is random if !confidir.
Attachment #242935 -
Flags: review?(nelson) → review-
|
|
Assignee | |
Comment 3•18 years ago
|
||
Attachment #242935 -
Attachment is obsolete: true
Attachment #243410 -
Flags: review?(nelson)
|
|
Reporter | |
Comment 4•18 years ago
|
||
Comment on attachment 243410 [details] [diff] [review]
init lconfigdir
r=nelson
Attachment #243410 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 5•18 years ago
|
||
/cvsroot/mozilla/security/nss/lib/softoken/pk11db.c,v <-- pk11db.c
new revision: 1.38; previous revision: 1.37
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•