Closed Bug 933998 Opened 10 years ago Closed 10 years ago

certDER can leak in nsNSSCertificateDB::ConstructX509FromBase64

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: keeler, Assigned: mz_mhs-ctb)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Patch
1.71 KB, patch
briansmith
: review+
Details | Diff | Splinter Review 
This only happens if NSS is already shut down, but still.

1386 NS_IMETHODIMP
1387 nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
1388                                             nsIX509Cert **_retval)
1389 {
1390   NS_ENSURE_ARG_POINTER(_retval);
1391 
1392   // sure would be nice to have a smart pointer class for PL_ allocations
1393   // unfortunately, we cannot distinguish out-of-memory from bad-input here
1394   uint32_t len = base64 ? strlen(base64) : 0;
1395   char *certDER = PL_Base64Decode(base64, len, nullptr);
...
1402 
1403   // If we get to this point, we know we had well-formed base64 input;
...
1413   nsNSSShutDownPreventionLock locker;
1414   if (isAlreadyShutDown()) {
1415     return NS_ERROR_NOT_AVAILABLE;
1416   }

We should just hoist the shutdown check to the top of the function.
Attached patch PatchSplinter Review 

        Attachment #826213 -
        Flags: review?(kaie)

        Attachment #826213 -
        Flags: review?(kaie) → review+
Assignee: nobody → mz_mhs-ctb
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/85caaabac21b
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

    
  
Whiteboard: [qa-]

          You need to log in
          before you can comment on or make changes to this bug.