diff options
author | David Keeler <dkeeler@mozilla.com> | 2017-12-01 06:24:29 +0100 |
---|---|---|
committer | David Keeler <dkeeler@mozilla.com> | 2017-12-01 06:24:29 +0100 |
commit | 07ec5f898074ac09b24ec124a33d717d1ef01ab0 (patch) | |
tree | 78351d7d98e625f20fea28713e14ffc9350ba479 | |
parent | 0130d7ebdc3a640cbdc14f8e0a0818ef6bbd8f91 (diff) | |
download | nss-hg-07ec5f898074ac09b24ec124a33d717d1ef01ab0.tar.gz |
Bug 1421788 - Add a length check in nssCryptokiObject_Create to maybe prevent null pointer deref r=ttaubert
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1421788
Differential Revision: https://phabricator.services.mozilla.com/D302
-rw-r--r-- | lib/dev/devutil.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/dev/devutil.c b/lib/dev/devutil.c index b8f82c810..42ce03c97 100644 --- a/lib/dev/devutil.c +++ b/lib/dev/devutil.c @@ -32,15 +32,21 @@ nssCryptokiObject_Create( /* a failure here indicates a device error */ return (nssCryptokiObject *)NULL; } + if (cert_template[0].ulValueLen == 0) { + nss_ZFreeIf(cert_template[1].pValue); + return (nssCryptokiObject *)NULL; + } object = nss_ZNEW(NULL, nssCryptokiObject); if (!object) { + nss_ZFreeIf(cert_template[0].pValue); + nss_ZFreeIf(cert_template[1].pValue); return (nssCryptokiObject *)NULL; } object->handle = h; object->token = nssToken_AddRef(t); isTokenObject = (CK_BBOOL *)cert_template[0].pValue; object->isTokenObject = *isTokenObject; - nss_ZFreeIf(isTokenObject); + nss_ZFreeIf(cert_template[0].pValue); NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label); return object; } |