Bug 435007: avoid keeping a stale pointer in libpkix ocsp processing
Status: RESOLVED FIXED (opened 17 years ago, closed 17 years ago)
Categories: NSS :: Libraries, defect
Tracking: Not tracked
People: Reporter: KaiE, Assigned: KaiE
Attachments: 1 obsolete file
In libpkix ocsp processing we keep a pointer to an ocsp id object that had its ownership transferred to another context.
Although I believe (hope) the code correctly ensured we never dereferenced that dangling pointer, we should ensure there is no chance to dereference it.
Nelson proposed to set the pointer to NULL as soon as we no longer own it, and I concur.
Comment 1 (Assignee) • 17 years ago
Comment 2 • 17 years ago
Comment on attachment 321938 [details]
patch v1
Thanks, Kai, for writing this patch.
I have a slight worry that there may be new crashes in places where
certID->certID was never NULL before, but now will be NULL.
I'm not confident that our OCSP testing tests enough different cases
for us to be confident.
I suggest one additional change to some code patched by this patch.
In pkix_pl_OcspResponse_GetStatusForCert() I would also add:
> PKIX_NULLCHECK_TWO(response->signerCert, response->request);
>+ PKIX_NULLCHECK_TWO(cid, cid->certID);
>
> rv = cert_ProcessOCSPResponse(response->handle,
> response->nssOCSPResponse,
> cid->certID,
> response->signerCert,
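Review bot: The added `PKIX_NULLCHECK_TWO(cid, cid->certID);` line deserves a one-line comment saying when `cid->certID` is expected to be NULL, because the call below passes it straight to `cert_ProcessOCSPResponse()` and this function alone does not show why it could be missing. The same call also takes `response->handle` and `response->nssOCSPResponse`, which neither check in these lines covers; confirm they are validated earlier in the function or add them to a check here.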
Attachment #321938 -
Flags: review?(nelson) → review+
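The pattern discussed in the description and in comment 2, as an added C example that is not part of this bug or of NSS: clear the source pointer at the moment ownership moves, and null-check it at the use site. All type and function names are hypothetical stand-ins, not libpkix APIs.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not NSS or libpkix types. */
typedef struct { unsigned char hash[20]; } CertID;
typedef struct { CertID *certID; } CertIdHolder; /* plays the role of "cid" */
typedef struct { CertID *certID; } Request;      /* context that takes ownership */

static int live_ids = 0; /* number of CertID objects currently allocated */

static CertID *certid_new(unsigned char fill) {
    CertID *id = malloc(sizeof *id);
    if (id) { memset(id->hash, fill, sizeof id->hash); live_ids++; }
    return id;
}

static void certid_free(CertID **slot) {
    if (*slot) { free(*slot); *slot = NULL; live_ids--; }
}

/* Move ownership to the request and clear the source pointer at once,
 * so the holder never carries a pointer it no longer owns. */
static int request_take_certid(Request *req, CertIdHolder *holder) {
    if (!req || !holder || !holder->certID) return -1;
    req->certID = holder->certID;
    holder->certID = NULL;
    return 0;
}

/* Use site: fail cleanly when the holder no longer has the object. */
static int holder_first_byte(const CertIdHolder *holder, unsigned char *out) {
    if (!holder || !holder->certID || !out) return -1;
    *out = holder->certID->hash[0];
    return 0;
}

/* Full lifecycle: returns 0 when every step behaves as expected. */
int run_transfer_scenario(void) {
    CertIdHolder holder = { certid_new(0xAB) };
    Request req = { NULL };
    unsigned char b = 0;
    if (!holder.certID) return 1;
    if (holder_first_byte(&holder, &b) != 0 || b != 0xAB) return 2;
    if (request_take_certid(&req, &holder) != 0) return 3;
    if (holder_first_byte(&holder, &b) != -1) return 4;     /* no stale read */
    if (request_take_certid(&req, &holder) != -1) return 5; /* no second move */
    certid_free(&holder.certID); /* no-op: pointer was cleared on transfer */
    certid_free(&req.certID);    /* the single real free */
    return live_ids == 0 ? 0 : 6;
}
```

Without the `holder->certID = NULL` line, both destructor calls would free the same object; with it, the holder's cleanup is a no-op and the use-site check returns an error instead of reading freed memory.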
Comment 3 (Assignee) • 17 years ago
Comment on attachment 321938 [details]
patch v1
clearing review request.
Please see bug 433386.
Attachment #321938 -
Flags: review+
Comment 4 (Assignee) • 17 years ago
Comment on attachment 321938 [details]
patch v1
A variation of this patch now lives in attachment 321990 [details] [diff] [review]; I added Nelson's proposal from comment 2 (added null checks in two functions).
Attachment #321938 -
Attachment is obsolete: true
Attachment #321938 -
Attachment is patch: false
Comment 5 • 17 years ago
Kai, The attachment you described in comment 4 above was attached to
Bug 433386, which is now resolved fixed. So, is THIS bug now fixed?
Comment 6 (Assignee) • 17 years ago
(In reply to comment #5)
> Kai, The attachment you described in comment 4 above was attached to
> Bug 433386, which is now resolved fixed. So, is THIS bug now fixed?
Yes, thanks for the reminder.
Marking fixed by the checkin from bug 433386.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED