Closed Bug 644070 Opened 14 years ago Closed 14 years ago

nsNSSCertificate::defaultServerNickname leaks in case of server name conflict

Categories

(Core :: Security: PSM, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla5

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

Details

(Keywords: memory-leak)

Attachments

(1 file, 1 obsolete file)

The OS X leaks report tool found this leak, under this stack:

[thread 0x12250a000]: | thread_start | _pthread_start | _pt_root | nsSSLThread::Run() | ssl_Write | ssl_SecureSend | ssl_Do1stHandshake | ssl_GatherRecord1stHandshake | ssl3_GatherCompleteHandshake | ssl3_HandleRecord | ssl3_HandleHandshakeMessage | AuthCertificateCallback(void*, PRFileDesc*, int, int) | nsNSSCertificate::defaultServerNickname(CERTCertificateStr*) | PR_smprintf | PR_vsmprintf | dosprintf | GrowStuff | PR_Realloc | realloc | malloc_zone_realloc

What's happening is that if SEC_CertNicknameConflict returns false, we fail to free the value stored in nickname. This may be one of the leaks of bug 497808. I found it while I was trying to use the leaks tool to debug that bug.
Attached patch Patch (v1) (obsolete) (deleted) — Splinter Review
Assignee: nobody → ehsan
Status: NEW → ASSIGNED
Attachment #521123 - Flags: review?(honzab.moz)
Comment on attachment 521123 [details] [diff] [review] Patch (v1) r=honzab
Attachment #521123 - Flags: review?(honzab.moz) → review+
Depends on: post2.0
Whiteboard: [post-2.0]
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
No longer depends on: post2.0
Resolution: --- → FIXED
Whiteboard: [post-2.0]
Target Milestone: --- → mozilla2.2
Hmm, actually my patch was incorrect. It turned the Mac browser-chrome suite orange (luckily) so I backed it out: http://hg.mozilla.org/mozilla-central/rev/741701875aec If |conflict| is false, we end up returning |nickname|, so freeing it would be a mistake. Seems like the job of freeing the returned string should be put on the callers, or we should just return a string instead of a char*...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attached patch Patch (v2) (deleted) — Splinter Review
Attachment #521123 - Attachment is obsolete: true
Attachment #521373 - Flags: review?(honzab.moz)
Oh crap! Collective blindness... Will look at this ASAP.
Comment on attachment 521373 [details] [diff] [review] Patch (v2) Thanks. r=honzab.
Attachment #521373 - Flags: review?(honzab.moz) → review+
Status: REOPENED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Can someone confirm this as fixed?
No longer blocks: mlk-fx5+
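
The ownership rule the thread arrives at (a nickname that passes the conflict check is the return value, so the caller has to free it), as an added example that is not the PSM code or either attached patch. The helper names, the retry loop, the conflict table and the allocation counter are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int live_allocs = 0;            /* outstanding nickname strings */

static char *make_nickname(const char *host, int count) {
    size_t n = strlen(host) + 16;      /* room for " #<int>" and the NUL */
    char *s = malloc(n);
    if (!s) return NULL;
    if (count == 1) snprintf(s, n, "%s", host);
    else            snprintf(s, n, "%s #%d", host, count);
    live_allocs++;
    return s;
}
static void free_nickname(char *s) { if (s) { free(s); live_allocs--; } }

/* Constructed conflict table: these two nicknames are already taken. */
static int nickname_conflict(const char *nick) {
    return !strcmp(nick, "example.org") || !strcmp(nick, "example.org #2");
}

/* Hypothetical model of the function: returns a heap string owned by the CALLER. */
static char *default_server_nickname(const char *host) {
    for (int count = 1; ; count++) {
        char *nick = make_nickname(host, count);
        if (!nick || !nickname_conflict(nick))
            return nick;               /* no conflict: freeing here would return a dangling pointer */
        free_nickname(nick);           /* conflict: candidate is discarded, so free it */
    }
}

static size_t caller_leaky(const char *host) {
    char *nick = default_server_nickname(host);
    return nick ? strlen(nick) : 0;    /* pointer dropped: one string leaked per call */
}
static size_t caller_fixed(const char *host) {
    char *nick = default_server_nickname(host);
    size_t len = nick ? strlen(nick) : 0;
    free_nickname(nick);               /* caller releases what it was handed */
    return len;
}
static int outstanding(void) { return live_allocs; }

int main(void) {
    caller_fixed("example.org");
    caller_leaky("example.org");
    printf("outstanding after one fixed and one leaky call: %d\n", outstanding());
    return 0;
}
```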