Closed Bug 994932 Opened 7 years ago Closed 7 years ago

improper error checking in GetOCSPResponseForType when constructing response array

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla31

People

(Reporter: keeler, Assigned: keeler)

Attachments

(1 file)

OCSPCommon.cpp:
  SECItem* response = CreateEncodedOCSPResponse(context);
  if (!response) {
    PrintPRError("CreateEncodedOCSPResponse failed");
    return nullptr;
  }

  SECItemArray* arr = SECITEM_AllocArray(aArena, nullptr, 1);
  arr->items[0].data = response ? response->data : nullptr;
  arr->items[0].len = response ? response->len : 0;

  return arr;

A couple things are wrong here:
1. We've already null-checked response when we're assigning to arr->items[0], so it's pointless to re-check it (twice).
2. We don't null-check arr (and it certainly can be null).

This is just in testing code, so it's not security-sensitive/critical.
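
One way to write the two checks this report asks for, as an added example rather than the landed patch (which this page does not show). The struct definitions are simplified stand-ins for the NSS types, and `WrapResponse`, `AllocArrayStub`, `FreeArray` and `gFailAlloc` are hypothetical names used so the allocation-failure path can be exercised without NSS:

```cpp
#include <cstdio>
#include <cstdlib>

// Simplified stand-ins for the NSS types (assumed shapes, not the NSS headers).
struct SECItem { unsigned char* data; unsigned int len; };
struct SECItemArray { SECItem* items; unsigned int len; };

// Hypothetical test hook: makes the allocator stand-in fail on demand.
static bool gFailAlloc = false;

// Stand-in for SECITEM_AllocArray (heap instead of an arena); nullptr on failure.
static SECItemArray* AllocArrayStub(unsigned int count) {
  if (gFailAlloc) return nullptr;
  auto* arr = static_cast<SECItemArray*>(calloc(1, sizeof(SECItemArray)));
  if (!arr) return nullptr;
  arr->items = static_cast<SECItem*>(calloc(count, sizeof(SECItem)));
  if (!arr->items) { free(arr); return nullptr; }
  arr->len = count;
  return arr;
}

// Tail of the function with both points from the report applied: response is
// checked once, and arr is checked before it is dereferenced.
SECItemArray* WrapResponse(const SECItem* response) {
  if (!response) {
    fprintf(stderr, "CreateEncodedOCSPResponse failed\n");
    return nullptr;
  }
  SECItemArray* arr = AllocArrayStub(1);
  if (!arr) {
    fprintf(stderr, "SECITEM_AllocArray failed\n");
    return nullptr;
  }
  arr->items[0].data = response->data;
  arr->items[0].len = response->len;
  return arr;
}

void FreeArray(SECItemArray* arr) { if (arr) { free(arr->items); free(arr); } }

int main() {
  unsigned char der[] = {0x30, 0x03, 0x0a, 0x01, 0x01};  // constructed sample bytes
  SECItem resp = {der, 5};
  gFailAlloc = true;   // simulate allocation failure: must not crash
  printf("alloc fails -> %s\n", WrapResponse(&resp) ? "array" : "nullptr");
  gFailAlloc = false;
  SECItemArray* arr = WrapResponse(&resp);
  printf("alloc ok    -> len=%u\n", arr ? arr->items[0].len : 0);
  FreeArray(arr);
}
```
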
Attached patch: patch
Raymond, would you like to review this?
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8407112 - Flags: review?(mozbugs.retornam)
Attachment #8407112 - Flags: review?(mozbugs.retornam) → review+
https://hg.mozilla.org/mozilla-central/rev/c9fabef8ea0e
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31