Closed
Bug 135871
Opened 22 years ago
Closed 22 years ago
NSS3.4 RC2 crashes when CERT_VerifyCertNow is called
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.4.2
People
(Reporter: miodrag, Assigned: rrelyea)
References
Details
(Whiteboard: [adt2 RTM])
Attachments
(3 files)
1009 bytes,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
1.35 KB,
patch
|
bugz
:
review+
|
Details | Diff | Splinter Review |
613 bytes,
patch
|
Details | Diff | Splinter Review |
Using AS with new NSS3.4 RC2. Trying to install a new cerificate and the security CGI crashes in NSS. The call stack is [1] nssTrustDomain_GetCertsForSubjectFromCache(td = (nil), subject = 0xecb24, certListOpt = 0xeeff8), line 845 in "tdcache.c" [2] NSSTrustDomain_FindCertificatesBySubject(td = (nil), subject = 0xecb24, rvOpt = (nil), maximumOpt = 0, arenaOpt = (nil)), line 675 in "trustdomain.c" [3] find_issuer_cert_for_identifier(c = 0xecaf0, id = 0xeb858), line 307 in "certificate.c" [4] NSSCertificate_BuildChain(c = 0xecaf0, timeOpt = 0xeb828, usage = 0xffbef1b0, policiesOpt = (nil), rvOpt = 0xffbef1a4, rvLimit = 2U, arenaOpt = (nil), statusOpt = 0xffbef1a0), line 356 in "certificate.c" [5] CERT_FindCertIssuer(cert = 0xe8840, validTime = 1018057399953784LL, usage = certUsageSSLServer), line 409 in "certvfy.c" [6] CERT_VerifyCertChain(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 702 in "certvfy.c" [7] CERT_VerifyCert(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 1138 in "certvfy.c" [8] CERT_VerifyCertNow(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, wincx = (nil)), line 1179 in "certvfy.c" [9] printCertUsageInfo(description = 0x5417f "^I^I<SSLServer></SSLServer>\n", usage = certUsageSSLServer, cert = 0xe8840), line 356 in "security.c" =>[10] printCert(cert = 0xe8840, key = (nil), detail = 0xffbef9c0, forcePrint_CertType = 0x546a9 "SERVER"), line 531 in "security.c" [11] installCertificate(tokenName = 0xbb300 "internal (software)", certname = (nil)), line 1177 in "security.c" [12] main(argc = 1, argv = 0xffbefb1c), line 2132 in "security.c" The same behavior is both on NT and Solaris 2.8. Bob Relyea has looked at the problem and recognized a NSS bug. He says there is no workaround for this and NSS needs to be fixed.
Comment 1•22 years ago
|
||
Assigned the bug to Bob. Target NSS 3.4.1.
Assignee: wtc → relyea
Target Milestone: --- → 3.4.1
The problem seems to be with the CERT_ImportCerts() call. It creates a cert without the nickname.
OS: Windows 2000 → All
Assignee | ||
Comment 3•22 years ago
|
||
Actually it creates a cert without lots of things. In this case without a CERTDBHandle (Trust domain).
Comment 4•22 years ago
|
||
Bob, It looks to me like CERT_ImportCerts should be calling CERT_NewTempCertificate if keepCert == PR_FALSE. Is that correct?
Assignee | ||
Comment 5•22 years ago
|
||
Yup, that's the bug. It's a pretty easy fix.
Comment 6•22 years ago
|
||
CERT_ImportCerts was changed from 3.3 to not call CERT_NewTempCertificate. When keepCerts == PR_FALSE, I believe that is the correct call. Here is my proposed patch (I don't have the test case).
Assignee | ||
Comment 7•22 years ago
|
||
Comment on attachment 78449 [details] [diff] [review] call CERT_NewTemp This is precisely the patch I had in mind. Approved.
Attachment #78449 -
Flags: review+
Comment 8•22 years ago
|
||
checked in to tip.
Comment 9•22 years ago
|
||
This patch is the fix that is currently in the tip. Bob suggested that we check in this fix on the NSS_3_4_BRANCH. Bob, Ian, please review this new patch.
Comment 10•22 years ago
|
||
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Updated•22 years ago
|
Attachment #81047 -
Flags: review+
Comment 11•22 years ago
|
||
This change is also needed on the branch. Checked in.
Comment 12•22 years ago
|
||
*** Bug 140338 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 13•22 years ago
|
||
Ok, this is checked in on the tip and in NSS 3.4.2 Beta 1
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 15•22 years ago
|
||
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in asap. thanks!
Whiteboard: [adt2 RTM]
Updated•22 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•