Closed Bug 550193 Opened 11 years ago Closed 11 years ago

ec_NewKey calls mp_clear for uninitialized k when SECITEM_CopyItem(...) fails

Categories

(NSS :: Libraries, defect)

x86
All
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

()

Details

(Keywords: coverity, Whiteboard: FIPS)

Attachments

(1 file)

237  	ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, 
238  	    const unsigned char *privKeyBytes, int privKeyLen)

244  	    mp_int k;

278  	    if (ecParams->fieldID.type == ec_field_GFp) {
279  		CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
280  		    &ecParams->fieldID.u.prime));

328  	cleanup:
329  	    mp_clear(&k);
Attached patch patchSplinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #431974 - Flags: review?(nelson)
Comment on attachment 431974 [details] [diff] [review]
patch

r=nelson
Attachment #431974 - Flags: review?(nelson) → review+
Whiteboard: FIPS
Target Milestone: --- → 3.13
lib/freebl/ec.c; new revision: 1.20.8.2; previous revision: 1.20.8.1

Thanks, Timeless.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.