Closed Bug 488550 Opened 11 years ago Closed 11 years ago
crash in certutil or pp when printing cert with empty subject name
Georgi Guninski reported a crash in certutil when trying to pretty print a certain certificate. A copy of that certificate is attached. It has an empty subject name sequence. This causes the function that certutil uses to print cert names to call free with an uninitialized pointer. This is only a bug in NSS command line utilities, and is not exploitable. Trivial patch forthcoming
Julien, please review
Attachment #372937 - Flags: review?(julien.pierre.boogz)
Priority: -- → P2
Target Milestone: --- → 3.12.4
Attachment #372937 - Flags: review?(julien.pierre.boogz) → review+
Comment on attachment 372937 [details] [diff] [review] patch for uninitialized variable in SECU_PrintName, v1 The patch is correct. You do end up passing a NULL pointer to PORT_Free, though, which I find odd. I had to check its implementation and see that it was OK to do that. PORT_Free checks for a NULL pointer, unlike PR_Free. In all the NSS code I have written over the years, I have always added NULL pointer checks before calling PORT_Free.
Thanks for the quick review. Checking in secutil.c; new revision: 1.96; previous revision: 1.95
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.