Crash in libpkix when requesting ocsp revocation chain on a cert that does not have AIA extension. The crash happened because of two fields of pkix_pl_ocsprequest data type was not initialized before destruction. They are certList and location.
Created attachment 300525 [details] [diff] [review] Init certList and location The patch also fixes some potential leaks in CERT_PKIXVerifyCert function.
Attachment #300525 - Flags: review?(nelson)
Comment on attachment 300525 [details] [diff] [review] Init certList and location r=nelson
Attachment #300525 - Flags: review?(nelson) → review+
/cvsroot/mozilla/security/nss/lib/certhigh/certvfypkix.c,v <-- certvfypkix.c new revision: 1.10; previous revision: 1.9 Checking in lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c; new revision: 1.7; previous revision: 1.6
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.