Bug 488550: crash in certutil or pp when printing cert with empty subject name
Opened 16 years ago
Closed 16 years ago
Categories: (NSS :: Tools, defect, P2)
Tracking: (Not tracked)
Status: RESOLVED FIXED 3.12.4
People: (Reporter: nelson, Assigned: nelson)
Details: (Keywords: crash)
Attachments (2 files):
1.02 KB, text/plain
520 bytes, patch (julien.pierre: review+)
Georgi Guninski reported a crash in certutil when trying to pretty print
a certain certificate. A copy of that certificate is attached. It has
an empty subject name sequence. This causes the function that certutil
uses to print cert names to call free with an uninitialized pointer.
This is only a bug in NSS command line utilities, and is not exploitable.
Trivial patch forthcoming.
Comment 1 • 16 years ago (Assignee)
Julien, please review
Attachment #372937 - Flags: review?(julien.pierre.boogz)
Updated • 16 years ago (Assignee)
Priority: -- → P2
Target Milestone: --- → 3.12.4
Updated • 16 years ago
Attachment #372937 - Flags: review?(julien.pierre.boogz) → review+
Comment 2 • 16 years ago
Comment on attachment 372937: patch for uninitialized variable in SECU_PrintName, v1
The patch is correct. You do end up passing a NULL pointer to PORT_Free, though, which I find odd. I had to check its implementation and see that it was OK to do that. PORT_Free checks for a NULL pointer, unlike PR_Free. In all the NSS code I have written over the years, I have always added NULL pointer checks before calling PORT_Free.
Comment 3 • 16 years ago (Assignee)
Thanks for the quick review.
Checking in secutil.c; new revision: 1.96; previous revision: 1.95
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
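The failure mode from the description, together with the NULL-tolerant free noted in comment 2, as an added C example that is not NSS code or the attached patch. `name_t`, `print_name`, `name_to_ascii` and `safe_free` are hypothetical stand-ins, and the allocate-only-when-non-empty structure is an assumption about how such a name printer is laid out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a parsed name: NULL-terminated component list. */
typedef struct { const char **rdns; } name_t;
static int null_frees; /* times the free wrapper was handed NULL */

/* Free wrapper that tolerates NULL, as comment 2 describes for PORT_Free. */
static void safe_free(void *p) {
    if (p == NULL) { null_frees++; return; }
    free(p);
}

/* Join the components with ", "; the caller owns the returned buffer. */
static char *name_to_ascii(const name_t *n) {
    size_t len = 1;
    for (size_t i = 0; n->rdns[i]; i++) len += strlen(n->rdns[i]) + 2;
    char *s = malloc(len);
    if (s == NULL) return NULL;
    s[0] = '\0';
    for (size_t i = 0; n->rdns[i]; i++) {
        if (i) strcat(s, ", ");
        strcat(s, n->rdns[i]);
    }
    return s;
}

/* Render a name into out. Returns 0 on success, -1 on bad arguments or OOM. */
int print_name(const name_t *name, char *out, size_t outlen) {
    /* Without "= NULL" the empty branch leaves name_str indeterminate. */
    char *name_str = NULL;
    const char *str;
    if (name == NULL || out == NULL || outlen == 0) return -1;
    if (name->rdns == NULL || name->rdns[0] == NULL) {
        str = "(empty)";               /* empty sequence: nothing allocated */
    } else {
        str = name_str = name_to_ascii(name);
        if (str == NULL) return -1;
    }
    snprintf(out, outlen, "%s", str);
    safe_free(name_str);               /* receives NULL on the empty path */
    return 0;
}

int main(void) {
    const char *none[] = { NULL };     /* constructed input: empty name */
    name_t empty = { none };
    char buf[64];
    return print_name(&empty, buf, sizeof buf) ? 1 : (puts(buf) < 0);
}
```

A regression test for this class of bug needs an input that takes the branch where nothing is allocated; inputs with a populated name never reach the uninitialized free.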