Closed Bug 552946 Opened 16 years ago Closed 1 month ago

cmmf_create_witness_and_challenge didn't handle OOM from SEC_ASN1EncodeInteger

Categories

(NSS :: Libraries, defect, P5)

x86
All

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: timeless, Unassigned)

References

Details

(Keywords: coverity)

Attachments

(1 file)

49 cmmf_create_witness_and_challenge(PRArenaPool *poolp,
69     encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
70                                            inRandom);
> 1636 SEC_ASN1EncodeInteger(PRArenaPool *poolp, SECItem *dest, long value)
>> 1589 sec_asn1e_integer(PRArenaPool *poolp, SECItem *dest, unsigned long value,
>> 1617     dest = sec_asn1e_allocate_item (poolp, dest, len);
>>> 1514 sec_asn1e_allocate_item (PRArenaPool *poolp, SECItem *dest, unsigned long len)
>>> 1522     if (dest != NULL) {
>>> 1523         dest->data = (unsigned char*)PORT_ArenaAlloc (poolp, len);
>>> 1524         if (dest->data == NULL) {
>>> 1525             dest = NULL;
>>> 1528     if (dest == NULL) {
>>> 1530             PORT_ArenaRelease (poolp, release);
>>> 1552     return dest;
>> 1618     if (dest == NULL)
>> 1619         return NULL;
> 1638     return sec_asn1e_integer (poolp, dest, (unsigned long) value, PR_FALSE);
encodedRandNum is NULL because 1523 failed and we cleaned things up.
We now stomp on our null OOM marking pointer with something which was freed by some pool magic:
71     encodedRandNum = &challenge->randomNumber;
Unhappiness follows:
77     rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
78                       (PRUint32)encodedRandNum->len);
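The failure mode traced in the report above, reduced to a self-contained C sketch (an added example, not NSS code and not the attached patch). `Item`, `pool_alloc`, `encode_integer`, `hash_buf`, `unchecked_hash_input` and `make_witness` are constructed stand-ins that assume only the contract visible in the trace: an encoder that returns NULL when allocation fails.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins, not NSS types or APIs. */
typedef struct { unsigned char *data; size_t len; } Item;
static int fail_alloc;                  /* set to 1 to simulate OOM */
static unsigned char pool[sizeof(unsigned long)];
static void *pool_alloc(size_t n) { return (fail_alloc || n > sizeof pool) ? NULL : pool; }

/* Fill dest and return it, or return NULL on OOM with dest->data left NULL (simplified, not DER). */
static Item *encode_integer(Item *dest, unsigned long value) {
    size_t len = 1;
    for (unsigned long v = value; v > 0xff; v >>= 8) len++;
    dest->data = pool_alloc(len);
    if (dest->data == NULL) return NULL;
    dest->len = len;
    for (size_t i = 0; i < len; i++)
        dest->data[len - 1 - i] = (unsigned char)(value >> (8 * i));
    return dest;
}

/* Stand-in for the hash step; it dereferences buf for len bytes. */
static unsigned hash_buf(const unsigned char *buf, size_t len) {
    unsigned h = 0;
    for (size_t i = 0; i < len; i++) h = h * 31 + buf[i];
    return h;
}

/* Reported pattern: the NULL result is overwritten, so the OOM signal is lost. */
const Item *unchecked_hash_input(Item *random_number, unsigned long in_random) {
    Item *encoded = encode_integer(random_number, in_random);
    encoded = random_number;            /* line 71 of the trace */
    return encoded;                     /* what lines 77-78 would dereference */
}

/* Checked caller: 0 on success, -1 on OOM; never hashes an unencoded item. */
int make_witness(Item *random_number, unsigned long in_random, unsigned *out) {
    Item *encoded = encode_integer(random_number, in_random);
    if (encoded == NULL) return -1;     /* propagate the allocation failure */
    *out = hash_buf(encoded->data, encoded->len);
    return 0;
}

int main(void) {
    Item it = {NULL, 0}; unsigned h = 0; fail_alloc = 1;
    printf("checked rv=%d\n", make_witness(&it, 0x1234, &h));
    return 0;
}
```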
I'm not certain, but I think the cmmf code is all dead. I don't think FF or TB use it, and I'm sure nothing else does, except for an NSS test program. Given the diminishing nature of NSS development resources, I'd prefer to remove/eliminate dead code than to fix it.
Attached patch Patch V 1
Hi Nelson, can you please review this patch? Thanks, Shailendra
Attachment #434218 - Flags: review?(nelson)
Comment on attachment 434218 Patch V 1
Doesn't fix the problem.
Attachment #434218 - Flags: review?(nelson) → review-
Severity: normal → S3
Severity: S3 → S4
Priority: -- → P5
Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → WONTFIX
See Also: → 2030985