crash in PKIX_PL_Cert_GetVersion

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

({crash})

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

10 years ago
Using the latest trunk of NSS in Firefox, and using the dumper code from bug 418398, I crash when visiting paypal.

#0  0x0129433b in PKIX_PL_Cert_GetVersion (cert=0xa52d25c, pVersion=0xbfeb01fc, plContext=0x968fa00) at pkix_pl_cert.c:1700

(gdb) print nssCert->version
$3 = {type = siBuffer, data = 0x0, len = 0}

The code attempts to deference data, which is null.
(Assignee)

Comment 1

10 years ago
Created attachment 308012 [details] [diff] [review]
Patch v1
Attachment #308012 - Flags: review?(alexei.volkov.bugs)

Comment 2

10 years ago
Comment on attachment 308012 [details] [diff] [review]
Patch v1

The version is optional. We can do extra things, like check for cert extensions, and if they are present, then set it to V3. But I don't think we need it in this function.
Attachment #308012 - Flags: review?(alexei.volkov.bugs) → review+
(Assignee)

Comment 3

10 years ago
Checking in mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c;
/cvsroot/mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c,v  <--  pkix_pl_cert.c
new revision: 1.15; previous revision: 1.14
done


fixed
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee: nobody → kaie
Status: REOPENED → NEW
Priority: -- → P1
Target Milestone: --- → 3.12
Status: NEW → RESOLVED
Last Resolved: 10 years ago10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.