Potential NULL pointer dereference in security/nss/cmd/checkcert/checkcert.c

NEW
Unassigned

Status

7 years ago
4 years ago

People

(Reporter: julia.lawall, Unassigned)

Tracking

trunk
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
User Agent: Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111115183158

Steps to reproduce:

The tool Coccinelle (http://coccinelle.lip6.fr) found the following code in the file security/nss/cmd/checkcert/checkcert.c in the function OurVerifyData.  The second argument of SECU_PrintAsHex in the else branch is dereferenced by SECU_PrintAsHex, which will cause a NULL pointer dereference.

        if ( oiddata ) {
            printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
	} else {
            SECU_PrintAsHex(stdout,
                            &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
        }

Updated

7 years ago
Component: General → Security
Product: Firefox → Core
QA Contact: general → toolkit

Updated

4 years ago
Assignee: nobody → nobody
Status: UNCONFIRMED → NEW
Component: Security → Tools
Ever confirmed: true
Product: Core → NSS
Version: 8 Branch → trunk
You need to log in before you can comment on or make changes to this bug.