improper error checking in GetOCSPResponseForType when constructing response array

RESOLVED FIXED in mozilla31

Status

()

defect
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: keeler, Assigned: keeler)

Tracking

unspecified
mozilla31
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

OCSPCommon.cpp:
135   SECItem* response = CreateEncodedOCSPResponse(context);
136   if (!response) {
137     PrintPRError("CreateEncodedOCSPResponse failed");
138     return nullptr;
139   }
140 
141   SECItemArray* arr = SECITEM_AllocArray(aArena, nullptr, 1);
142   arr->items[0].data = response ? response->data : nullptr;
143   arr->items[0].len = response ? response->len : 0;
144 
145   return arr;

A couple things are wrong here:
1. We've already null-checked response when we're assigning to arr->items[0], so it's pointless to re-check it (twice)
2. We don't null-check arr (and it certainly can be null).

This is just in testing code, so it's not security-sensitive/critical.
Posted patch patchSplinter Review
Raymond, would you like to review this?
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8407112 - Flags: review?(mozbugs.retornam)
Attachment #8407112 - Flags: review?(mozbugs.retornam) → review+
https://hg.mozilla.org/mozilla-central/rev/c9fabef8ea0e
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in before you can comment on or make changes to this bug.