Closed
Bug 486404
Opened 15 years ago
Closed 15 years ago
XPCOM allocator mismatches in PSM
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
People
(Reporter: neil, Assigned: neil)
References
Details
Attachments
(1 file, 2 obsolete files)
8.59 KB,
patch
|
Details | Diff | Splinter Review |
Some PSM files mix and match the XPCOM and both the NSPR allocators. nsNSSCallbacks.cpp's HandshakeCallback uses status->mCipherName.Adopt(cipherName); cipherName is allocated by PORT_strdup however Adopt should use NS_Alloc (in fact cipherName is not freed on failure of do_GetService) nsNSSCertificate::GetSerialNumber, GetSha1Fingerprint and GetMd5Fingerprint use nsXPIDLCString fpStr; fpStr.Adopt(CERT_Hexify(&fpItem, 1)); CERT_Hexify's return value is allocated by PORT_Alloc so should be PORT_Free()d nsNSSIOLayer.cpp's nsNSSSocketInfo's hostName propety uses mHostName.Adopt(host ? nsCRT::strdup(host) : 0); *host = (mHostName) ? nsCRT::strdup(mHostName) : nsnull; Both the Adopt and the outparam should use an XPCOM allocator. (You could alternatively change mHostName to a char* and retain that allocator.) nsNSSIOLayer.cpp also has two calls to SSL_RevealURL which return values allocated by PL_strdup so they should be freed with PL_strfree but just to be confusing charCleaner is also (correctly) used with the return value from CERT_GetCommonName. I can't see an easy fix for this one though. nsSSLStatus::GetCipherName uses PL_strdup when it should be an XPCOM allocator.
Assignee | ||
Comment 1•15 years ago
|
||
The only other alternative I could think of was to revert to manual string deallocation thus eliminating charCleaner entirely.
Comment 2•15 years ago
|
||
Comment on attachment 370595 [details] [diff] [review] Proposed patch > /* Get CN and O of the subject and O of the issuer */ > char *ccn = CERT_GetCommonName(&serverCert->subject); >- charCleaner ccnCleaner(ccn); >+ void *v = ccn; >+ voidCleaner ccnCleaner(v); > NS_ConvertUTF8toUTF16 cn(ccn); voidCleaner? http://mxr.mozilla.org/mozilla/search?string=voidCleaner says > No results found
Assignee | ||
Comment 3•15 years ago
|
||
Comment on attachment 370595 [details] [diff] [review] Proposed patch >-NSSCleanupAutoPtrClass(char, PR_FREEIF) >+NSSCleanupAutoPtrClass(char, PL_strfree) >+NSSCleanupAutoPtrClass(void, PR_FREEIF) The name of the cleaner class is created using C++ preprocessor magic. The cleaner class passes a memory pointer to the deallocator. Thus PL_strfree needs to be called from the charCleaner because it's expecting a char* but with PR_FREEIF I can use any suitable type because it doesn't care, it's just most convenient for me to use a void* pointer as I can easily cast to it.
Comment 4•15 years ago
|
||
Comment on attachment 370595 [details] [diff] [review] Proposed patch Looks good to me. I did not check any other places of PSM for mismatch.
Attachment #370595 -
Flags: review?(honzab.moz) → review+
Assignee | ||
Comment 5•15 years ago
|
||
As far as I know this patch doesn't need any more reviews but I don't have checkin access to the security module so requesting checkin-needed.
Keywords: checkin-needed
Comment 6•15 years ago
|
||
> I don't have checkin access to the security module
The parts of the security module that are in NSS and NSPR are indeed
constrained, so that only peers may checkin.
but I was not aware that PSM was under any such checkin restrictions.
Assignee | ||
Comment 7•15 years ago
|
||
Of course. Silly me. I even have eight previous checkins to security/manager.
Assignee | ||
Comment 8•15 years ago
|
||
I hadn't set up my debugging correctly and a rerun discovered two more files with mismatches, nsCertOverrideService.cpp and nsSDR.cpp; the other changes are the same as the previous patch.
Attachment #370595 -
Attachment is obsolete: true
Attachment #372209 -
Flags: review?(honzab.moz)
Assignee | ||
Updated•15 years ago
|
Keywords: checkin-needed → 4xp
Comment 10•15 years ago
|
||
Comment on attachment 372209 [details] [diff] [review] Missed two cases You should use PR_DELETE in nsSDR::DecryptString for freeing 'decoded'. It's allocated with PR_MALLOC in PL_Base64Decode. Same for call to PL_Base64Encode. However, quick look to mxr shows that combination of all nsMemory:Free, PR_Free, NS_Free is used to free result of these functions, so you are probably OK with the patch as is :)
Attachment #372209 -
Flags: review?(honzab.moz) → review+
Assignee | ||
Comment 11•15 years ago
|
||
You're right, although at least the PR_DELETE/PR_Free difference is not so much of a concern as the NS_Free/PL_strfree difference.
Attachment #372209 -
Attachment is obsolete: true
Assignee | ||
Comment 12•15 years ago
|
||
Fix checked in to CVS.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
This is burning trees on 1.9.0.
Comment 14•15 years ago
|
||
This needed approval before checkin. Please back out ASAP.
Assignee | ||
Comment 15•15 years ago
|
||
PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS PSM != NSS
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 16•15 years ago
|
||
Pushed changeset c7ee4c717dd3 to mozilla-central.
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•