135871 - NSS3.4 RC2 crashes when CERT_VerifyCertNow is called

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P1)

Description

[miodrag]

Using AS with new NSS3.4 RC2. Trying to install a new cerificate and the 
security CGI crashes in NSS. The call stack is  

  [1] nssTrustDomain_GetCertsForSubjectFromCache(td = (nil), subject = 0xecb24, 
certListOpt = 0xeeff8), line 845 in "tdcache.c"
  [2] NSSTrustDomain_FindCertificatesBySubject(td = (nil), subject = 0xecb24, 
rvOpt = (nil), maximumOpt = 0, arenaOpt = (nil)), line 675 in "trustdomain.c"
  [3] find_issuer_cert_for_identifier(c = 0xecaf0, id = 0xeb858), line 307 in 
"certificate.c"
  [4] NSSCertificate_BuildChain(c = 0xecaf0, timeOpt = 0xeb828, usage = 
0xffbef1b0, policiesOpt = (nil), rvOpt = 0xffbef1a4, rvLimit = 2U, arenaOpt = 
(nil), statusOpt = 0xffbef1a0), line 356 in "certificate.c"
  [5] CERT_FindCertIssuer(cert = 0xe8840, validTime = 1018057399953784LL, usage 
= certUsageSSLServer), line 409 in "certvfy.c"
  [6] CERT_VerifyCertChain(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = 
(nil)), line 702 in "certvfy.c"
  [7] CERT_VerifyCert(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage 
= certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 
1138 in "certvfy.c"
  [8] CERT_VerifyCertNow(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, wincx = (nil)), line 1179 in "certvfy.c"
  [9] printCertUsageInfo(description = 0x5417f "^I^I<SSLServer></SSLServer>\n", 
usage = certUsageSSLServer, cert = 0xe8840), line 356 in "security.c"
=>[10] printCert(cert = 0xe8840, key = (nil), detail = 0xffbef9c0, 
forcePrint_CertType = 0x546a9 "SERVER"), line 531 in "security.c"
  [11] installCertificate(tokenName = 0xbb300 "internal (software)", certname = 
(nil)), line 1177 in "security.c"
  [12] main(argc = 1, argv = 0xffbefb1c), line 2132 in "security.c"

The same behavior is both on NT and Solaris 2.8.

Bob Relyea has looked at the problem and recognized a NSS bug. He says there is 
no workaround for this and NSS needs to be fixed.

Comment 1

[Wan-Teh Chang]

Assigned the bug to Bob.  Target NSS 3.4.1.

Comment 2

[miodrag]

The problem seems to be with the CERT_ImportCerts() call. It creates a cert 
without the nickname.

Comment 3

[Robert Relyea]

Actually it creates a cert without lots of things. In this case without a
CERTDBHandle (Trust domain).

Comment 4

[Ian McGreer]

Bob,

It looks to me like CERT_ImportCerts should be calling CERT_NewTempCertificate
if keepCert == PR_FALSE.  Is that correct?

Comment 5

[Robert Relyea]

Yup, that's the bug. It's a pretty easy fix.

Comment 6

[Ian McGreer]

Attachment: call CERT_NewTemp

CERT_ImportCerts was changed from 3.3 to not call CERT_NewTempCertificate. 
When keepCerts == PR_FALSE, I believe that is the correct call.  Here is my
proposed patch (I don't have the test case).

Comment 7

[Robert Relyea]

Comment on attachment 78449 [details] [diff] [review]
call CERT_NewTemp

This is precisely the patch I had in mind. Approved.

Comment 8

[Ian McGreer]

checked in to tip.

Comment 9

[Wan-Teh Chang]

Attachment: New patch

This patch is the fix that is currently in the tip.  Bob
suggested that we check in this fix on the NSS_3_4_BRANCH.

Bob, Ian, please review this new patch.

Comment 10

[Wan-Teh Chang]

Changed the QA contact to Bishakha.

Comment 11

[Ian McGreer]

Attachment: additional patch needed for 3.4 branch

This change is also needed on the branch.  Checked in.

Comment 12

[Ian McGreer]

*** Bug 140338 has been marked as a duplicate of this bug. ***

Comment 13

[Robert Relyea]

Ok, this is checked in on the tip and in NSS 3.4.2 Beta 1

Comment 14

[Wan-Teh Chang]

Set target milestone to NSS 3.4.2.

Comment 15

[Jaime Rodriguez, Jr.]

adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in
asap. thanks!