[Bug 337011] OOM crash [@ sftk_handleKeyObject][@ sftk_handleKeyParameterObject] Dereferencing possibly NULL "attribute". r=nelson NSS_3_11_BRANCH
authoralexei.volkov.bugs%sun.com
Wed, 17 May 2006 20:51:50 +0000
branchNSS_3_11_BRANCH
changeset 7078 cced2344a5d5b7611373229db0049957d0460bed
parent 7077 682877cec094ed629823b4d50308a3c2f6aa2f25
child 7081 513f5911f55841a786e062be031f5718246ce775
push idunknown
push userunknown
push dateunknown
reviewersnelson
bugs337011
[Bug 337011] OOM crash [@ sftk_handleKeyObject][@ sftk_handleKeyParameterObject] Dereferencing possibly NULL "attribute". r=nelson
security/nss/lib/softoken/pkcs11.c
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -1644,16 +1644,19 @@ sftk_handleKeyObject(SFTKSession *sessio
     if (crv != CKR_OK)  return crv; 
     crv = sftk_defaultAttribute(object,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
     if (crv != CKR_OK)  return crv; 
     crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL));
     if (crv != CKR_OK)  return crv; 
 
     /* get the key type */
     attribute = sftk_FindAttribute(object,CKA_KEY_TYPE);
+    if (!attribute) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
     key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
     sftk_FreeAttribute(attribute);
 
     switch (object->objclass) {
     case CKO_PUBLIC_KEY:
 	return sftk_handlePublicKeyObject(session,object,key_type);
     case CKO_PRIVATE_KEY:
 	return sftk_handlePrivateKeyObject(session,object,key_type);
@@ -1750,16 +1753,19 @@ sftk_handleKeyParameterObject(SFTKSessio
     }
 
     /* now verify the common fields */
     crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL));
     if (crv != CKR_OK)  return crv; 
 
     /* get the key type */
     attribute = sftk_FindAttribute(object,CKA_KEY_TYPE);
+    if (!attribute) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
     key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
     sftk_FreeAttribute(attribute);
 
     switch (key_type) {
     case CKK_DSA:
 	return sftk_handleDSAParameterObject(session,object);
 	
     default: