Bug 1531074 - SECKEY_SetPublicValue derefs after null checks, r=rrelyea NSS_3_43_BETA1
authorMartin Thomson <mt@lowentropy.net>
Thu, 28 Feb 2019 07:06:59 +1100
changeset 15041 55dfd930f93447ad3daeecdd319e87b59a6ca275
parent 15040 a306d84e4c70fd97fec81b30f7945661b6508727
child 15042 740e49c4fb0e63db9877dbf893c48a5a3ae9f103
child 15043 cf681f9cffd6107ba759d61336328deb1f26f693
push id3292
push usermartin.thomson@gmail.com
push dateFri, 08 Mar 2019 05:37:37 +0000
reviewersrrelyea
bugs1531074
Bug 1531074 - SECKEY_SetPublicValue derefs after null checks, r=rrelyea Summary: This should help with our coverity analysis. Reviewers: rrelyea Tags: #secure-revision Bug #: 1531074 Differential Revision: https://phabricator.services.mozilla.com/D21423
lib/pk11wrap/pk11akey.c
--- a/lib/pk11wrap/pk11akey.c
+++ b/lib/pk11wrap/pk11akey.c
@@ -1678,18 +1678,18 @@ PK11_MakeKEAPubKey(unsigned char *keyDat
 }
 
 SECStatus
 SECKEY_SetPublicValue(SECKEYPrivateKey *privKey, SECItem *publicValue)
 {
     SECStatus rv;
     SECKEYPublicKey pubKey;
     PLArenaPool *arena;
-    PK11SlotInfo *slot = privKey->pkcs11Slot;
-    CK_OBJECT_HANDLE privKeyID = privKey->pkcs11ID;
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE privKeyID;
 
     if (privKey == NULL || publicValue == NULL ||
         publicValue->data == NULL || publicValue->len == 0) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     pubKey.arena = NULL;
@@ -1699,16 +1699,19 @@ SECKEY_SetPublicValue(SECKEYPrivateKey *
     /* can't use PORT_InitCheapArena here becase SECKEY_DestroyPublic is used
       * to free it, and it uses PORT_FreeArena which not only frees the 
       * underlying arena, it also frees the allocated arena struct. */
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     pubKey.arena = arena;
     if (arena == NULL) {
         return SECFailure;
     }
+
+    slot = privKey->pkcs11Slot;
+    privKeyID = privKey->pkcs11ID;
     rv = SECFailure;
     switch (privKey->keyType) {
         default:
             /* error code already set to SECFailure */
             break;
         case rsaKey:
             pubKey.u.rsa.modulus = *publicValue;
             rv = PK11_ReadAttribute(slot, privKeyID, CKA_PUBLIC_EXPONENT,