Closed Bug 571251 Opened 15 years ago Closed 15 years ago

sftk_parseParameters calls PORT_Free(tmp) on unitialized pointer

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.12.6
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.7

People

(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 2 obsolete files)

Complete fix
2.47 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Extract from http://mxr.mozilla.org/security/source/security/nss/lib/softoken/sftkpars.c#413 shows 416 char *tmp; ...... 446 SFTK_HANDLE_STRING_ARG(index,tmp,"flags=", 447 if(tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); }) 448 SFTK_HANDLE_STRING_ARG(index,tmp,"tokens=", 449 if(tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); }) .... if(tmp) may be non-zero because of random values on teh stack for tmp. It should be set to NULL at line 416. Kamil Dudka reported similar problem a PEM module code review at https://bugzilla.mozilla.org/show_bug.cgi?id=402712#c45
Attached patch initialize pointer to null (obsolete) — Splinter Review
Attachment #450366 - Flags: review?
Attached patch set tmp to NULL (obsolete) — Splinter Review
Attachment #450368 - Flags: review?(rrelyea)
Assignee: nobody → emaldona
Attachment #450366 - Attachment is obsolete: true
Attachment #450366 - Flags: review?
Priority: -- → P1
Target Milestone: --- → 3.12.7
Blocks: FIPS2010
Comment on attachment 450368 [details] [diff] [review] set tmp to NULL r+ (We may have a patch like this already in 3.13 branch. bob
Attachment #450368 - Flags: review?(rrelyea) → review+
(In reply to comment #3) > (From update of attachment 450368 [details] [diff] [review]) > r+ (We may have a patch like this already in 3.13 branch. > Indeed, see https://bugzilla.mozilla.org/show_bug.cgi?id=469585 the patch that was applied on the 3.13 branch is more complete than this one.
Attached patch Complete fixSplinter Review
Better patch that was applied on the 3.13 branch.
Attachment #450368 - Attachment is obsolete: true
Attachment #450665 - Flags: review?
Attachment #450665 - Flags: review? → review?(rrelyea)
Comment on attachment 450665 [details] [diff] [review] Complete fix I think Elio meant to ask Bob for this review.
Attachment #450665 - Flags: review?(rrelyea) → review?
Attachment #450665 - Flags: review? → review?(rrelyea)
Comment on attachment 450665 [details] [diff] [review] Complete fix r+ looks familiar;). bob
Attachment #450665 - Flags: review?(rrelyea) → review+
Fix was checked in: Checking in mozilla/security/nss/lib/softoken/sftkpars.c; /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v <-- sftkpars.c new revision: 1.11; previous revision: 1.10
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: