Closed Bug 504398 Opened 11 years ago Closed 11 years ago

pkix_pl_AIAMgr_GetHTTPCerts could crash if SEC_GetRegisteredHttpClient fails

Categories

(NSS :: Libraries, defect, P3)

3.12.3
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.4

People

(Reporter: timeless, Assigned: timeless)

References

()

Details

(Keywords: coverity)

Attachments

(1 file)

coverity says that everyone else null checks the returned value from this function, and given the comment, it seems that someone expected it might be created by the call, which means it could fail to be created by the call
Attached patch patchSplinter Review
i'm not sure about style... but this seems like the logical thing to do.
i'm also not sure how 'fatal' this is, i know other oom's are 'fatal'.
Attachment #388774 - Flags: review?(julien.pierre.boogz)
This patch is basically ok.  We probably should create a new PKIX error code,
and take care to ensure that it maps to the right NSS/NSPR error code also.
Alexei can advise us on that when he returns from vacation later this month.
Severity: critical → normal
Priority: -- → P3
Target Milestone: --- → 3.12.4
Version: trunk → 3.12.3
Comment on attachment 388774 [details] [diff] [review]
patch

I'll commit this.  We can fine tune the error code later.
Attachment #388774 - Flags: review?(julien.pierre.boogz) → review+
module/pkix_pl_aiamgr.c; new revision: 1.12; previous revision: 1.11
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.