Arena Allocation results are not checked in pkix_pl_InfoAccess_ParseLocation

RESOLVED FIXED in 3.12.1

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

unspecified
3.12.1

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX)

Attachments

(1 attachment)

(Assignee)

Description

9 years ago
The function also leaks memory if a parsing error occurs.
(Assignee)

Updated

9 years ago
Whiteboard: PKIX
(Assignee)

Updated

9 years ago
Priority: -- → P2
Priority: P2 → P1
Summary: Allocation results are not checked in pkix_pl_InfoAccess_ParseLocation → Arena Allocation results are not checked in pkix_pl_InfoAccess_ParseLocation
Target Milestone: 3.12 → 3.12.1
(Assignee)

Comment 1

9 years ago
Created attachment 326578
Patch v1 - check pointer for NULL after allocation
Attachment #326578 - Flags: review?(nelson)
Comment on attachment 326578
Patch v1 - check pointer for NULL after allocation

This patch is good, as far as it goes.  While you're at it, some of these
PORT_ArenaZAlloc calls should be changed to PORT_ArenaZNewArray calls.
Please make the changes indicated below.

>-        PKIX_PL_NSSCALLRV
>-                (INFOACCESS, *tokens, PORT_ArenaZAlloc,
>-                (arena, (numFilters+1)*sizeof(void *)));
>+        filterP = PORT_ArenaZAlloc(arena, (numFilters+1)*sizeof(void *));
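
Review bot: The quoted lines end at the assignment to filterP with no NULL check visible after it, unlike the other two allocations in this patch, which are followed by "if (v == NULL) { PKIX_ERROR(PKIX_PORTARENAALLOCFAILED); }". Please confirm the same check follows here before filterP is dereferenced. The removed call stored its result in *tokens while the new line stores it in filterP, so also confirm that *tokens is still assigned from filterP afterwards and that it is not left pointing at a partly filled array on an error exit.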

          filterP = PORT_ArenaZNewArray(arena, void *, numFilters+1);


>         /* Get room for null-terminated array of (LdapNameComponent *) */
>-        PKIX_PL_NSSCALLRV
>-                (INFOACCESS, v, PORT_ArenaZAlloc,
>-                (arena, len*sizeof(LDAPNameComponent *)));
>+        v = PORT_ArenaZAlloc(arena, len*sizeof(LDAPNameComponent *));
>+        if (v == NULL) {
>+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
>+        }
> 
>         setOfNameComponent = (LDAPNameComponent **)v;
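
Review bot: The size expression len*sizeof(LDAPNameComponent *) is computed with no visible bound on len in these lines. If len is derived from the location string being parsed, a check that it is non-zero and small enough that the multiplication cannot wrap belongs before the allocation, since a wrapped size would pass the new NULL check and leave setOfNameComponent shorter than the code that fills it expects. The comment also says the array is null-terminated, so it is worth stating there that len already includes the terminating slot.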

There's no need to use a void * in the above code.
Those lines above should be:

          setOfNameComponent = 
                    PORT_ArenaZNewArray(arena, LDAPNameComponent *, len);
          if (!setOfNameComponent) 
              PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);


>         /* Get room for the remaining LdapNameComponents */
>-        PKIX_PL_NSSCALLRV
>-                (INFOACCESS, v, PORT_ArenaZNewArray,
>-                (arena, LDAPNameComponent, --len));
>+        v = PORT_ArenaZNewArray(arena, LDAPNameComponent, --len);
>+        if (v == NULL) {
>+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
>+        }
> 
>         nameComponent = (LDAPNameComponent *)v;
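
Review bot: Passing --len as the count argument to PORT_ArenaZNewArray hides a side effect inside the allocation call, and if PORT_ArenaZNewArray is a macro the argument may be evaluated more than once. Decrement len on its own line and pass plain len. Nothing in these lines shows that len is at least 2 at this point; if it can be 1 the request is for zero elements, and if it can be 0 the count goes negative or wraps, so a guard before the decrement would make the intent explicit.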

There's no need to use a void * in the above code.  
PORT_ArenaZNewArray already returns a pointer of type (LDAPNameComponent *)
so, make that code be the much clearer

          nameComponent = 
                   PORT_ArenaZNewArray(arena, LDAPNameComponent, --len);
          if (!nameComponent)
               PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
Attachment #326578 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

9 years ago
Thanks for the review. Patch and suggested changes have been integrated.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED