Closed Bug 488550 Opened 12 years ago Closed 12 years ago

crash in certutil or pp when printing cert with empty subject name

Categories

(NSS :: Tools, defect, P2)

3.12
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.4

People

(Reporter: nelson, Assigned: nelson)

References

Details

(Keywords: crash)

Attachments

(2 files)

Georgi Guninski reported a crash in certutil when trying to pretty print 
a certain certificate.  A copy of that certificate is attached.  It has 
an empty subject name sequence.  This causes the function that certutil
uses to print cert names to call free with an uninitialized pointer. 
This is only a bug in NSS command line utilities, and is not exploitable.

Trivial patch forthcoming
Julien, please review
Attachment #372937 - Flags: review?(julien.pierre.boogz)
Priority: -- → P2
Target Milestone: --- → 3.12.4
Attachment #372937 - Flags: review?(julien.pierre.boogz) → review+
Comment on attachment 372937: patch for uninitialized variable in SECU_PrintName, v1

The patch is correct. You do end up passing a NULL pointer to PORT_Free, though, which I find odd. I had to check its implementation and see that it was OK to do that. PORT_Free checks for a NULL pointer, unlike PR_Free. In all the NSS code I have written over the years, I have always added NULL pointer checks before calling PORT_Free.
Thanks for the quick review.
Checking in secutil.c; new revision: 1.96; previous revision: 1.95
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Duplicate of this bug: 469578
Severity: normal → critical
Keywords: crash
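
The pattern discussed in this bug, as an added C example that is not the NSS source: a name printer whose cleanup frees a pointer that is only assigned on the non-empty path, shown in its fixed form with the pointer initialized to NULL. `struct name`, `name_to_ascii`, `free_checked`, `print_name` and the placeholder strings are hypothetical stand-ins for the parsed cert name, the name-to-string conversion and the NULL check the review attributes to PORT_Free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed name; rdn_count == 0 models the
 * empty subject name sequence from the report. */
struct name { size_t rdn_count; const char **rdns; };

/* NULL-tolerant free, the behaviour the review attributes to PORT_Free. */
static void free_checked(void *p) { if (p) free(p); }

/* Joins the RDNs with ", ". Caller frees. Returns NULL if malloc fails. */
static char *name_to_ascii(const struct name *n)
{
    size_t len = 1;
    for (size_t i = 0; i < n->rdn_count; i++)
        len += strlen(n->rdns[i]) + 2;
    char *s = malloc(len);
    if (!s) return NULL;
    s[0] = '\0';
    for (size_t i = 0; i < n->rdn_count; i++) {
        if (i) strcat(s, ", ");
        strcat(s, n->rdns[i]);
    }
    return s;
}

/* Writes the printable name into out. Returns 0 on success, -1 on bad args. */
int print_name(const struct name *n, char *out, size_t outlen)
{
    /* The fix: without "= NULL", the empty-name path below never assigns
     * heap, and the cleanup call would receive an indeterminate pointer. */
    char *heap = NULL;
    const char *str;

    if (!n || !out || outlen == 0) return -1;
    if (n->rdn_count == 0 || !n->rdns) {
        str = "(empty)";              /* constructed placeholder, no allocation */
    } else {
        str = heap = name_to_ascii(n);
        if (!str) str = "(invalid)";  /* constructed placeholder */
    }
    snprintf(out, outlen, "%s", str);
    free_checked(heap);               /* NULL or a live allocation on every path */
    return 0;
}
```
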