Closed Bug 116401 Opened 23 years ago Closed 23 years ago

NSS3.4 Build. Generating a key crashes browser

Categories

(Core Graveyard :: Security: UI, defect, P1)

1.0 Branch
x86
Windows 2000
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.2

People

(Reporter: junruh, Assigned: KaiE)

Attachments

(1 file)

1.) Visit the above AOL site, and apply for a cert.
What happens: Crash.
kai
Assignee: rangansen → kaie
Priority: -- → P1
Target Milestone: --- → 2.2
John, Kai, could you post the stack trace?  Thanks.
Blocks: 116334
Talkback is not included in this special NSS3.4 Build. 
John, after a crash on Windows, you are usually given a pop-up dialog
that says "..... press Cancel to debug".  If you press the Cancel button,
the debugger will be fired up and you should be able to get a stack trace
in the debugger.
I see a different stack trace on Linux:

#0  0x43d8fa2a in SECITEM_Hash (key=0x8951c98) at secitem.c:262
#1  0x402ff138 in PL_HashTableLookup (ht=0x885d678, key=0x8951c98) at ../../../../mozilla/nsprpub/lib/ds/plhash.c:387
#2  0x43d90127 in SECOID_FindOID (oid=0x8951c98) at secoid.c:1235
#3  0x43d71dcf in seckey_UpdateCertPQGChain (subjectCert=0x8951bc0, count=1) at seckey.c:378
#4  0x43d71fb3 in SECKEY_UpdateCertPQG (subjectCert=0x8951bc0) at seckey.c:479
#5  0x43d72e34 in CERT_ExtractPublicKey (cert=0x8951bc0) at seckey.c:965
#6  0x43d54e7b in PK11_GetPubIndexKeyID (cert=0x8951bc0) at pk11cert.c:1338
#7  0x43d54f44 in pk11_mkcertKeyID (cert=0x8951bc0) at pk11cert.c:1364
#8  0x43d55a1b in PK11_KeyForCertExists (cert=0x8951bc0, keyPtr=0xbfffd388, wincx=0x88c6f08) at pk11cert.c:1656
#9  0x43d55bc3 in PK11_ImportCertForKey (cert=0x8951bc0, nickname=0xdadadada <Address 0xdadadada out of bounds>, wincx=0x88c6f08) at pk11cert.c:1706
#10 0x43c881b2 in nsCrypto::ImportUserCertificates (this=0x8877b50, aNickname=@0x8910000, aCmmfResponse=@0x8910020, aDoForcedBackup=0, aReturn=@0xbfffd690) at ../../../../../mozilla/security/manager/ssl/src/nsCrypto.cpp:1909

At the crash location, SECITEM_Hash, item has the following, obviously damaged
contents:
{type = 3671775962, data = 0xdadadada <Address 0xdadadada out of bounds>, len = 3671775962}
I saw this on a page where two keys were generated (dual key cert). Both certs
are generated, and the page is submitted. While the resulting new page is
loaded, it crashes.
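An added triage helper, not part of the original bug report or of Mozilla's code: it flags debugger values that consist of one byte repeated, which usually means the memory holds a fill pattern rather than real data. Run over excerpts of the trace and SECItem dump above, it shows that the decimal 3671775962 in type and len is the same 32-bit pattern as the 0xdadadada pointers. It assumes 32-bit values, as on this x86 report, and the function names are hypothetical.

```python
import re

# name = value pairs as gdb prints them (hex or decimal).
FIELD = re.compile(r"(\w+)\s*=\s*(0x[0-9a-fA-F]+|\d+)")
# Backtrace frame header, e.g. "#9  0x43d55bc3 in PK11_ImportCertForKey".
FRAME = re.compile(r"#(\d+)\s+0x[0-9a-fA-F]+ in ([\w:]+)")

# Excerpts copied from the trace and SECItem dump in this report.
TRACE = """\
#0  0x43d8fa2a in SECITEM_Hash (key=0x8951c98) at secitem.c:262
#9  0x43d55bc3 in PK11_ImportCertForKey (cert=0x8951bc0, nickname=0xdadadada
<Address 0xdadadada out of bounds>, wincx=0x88c6f08) at pk11cert.c:1706
"""
ITEM_DUMP = (
    "{type = 3671775962, data = 0xdadadada "
    "<Address 0xdadadada out of bounds>, len = 3671775962}"
)


def fill_byte(value, width=4):
    """Return the byte if value is `width` copies of it, else None.
    0x00 and 0xff are skipped: NULL and -1 are too common to be a signal."""
    if not 0 <= value < 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "big")
    if len(set(raw)) == 1 and raw[0] not in (0x00, 0xFF):
        return raw[0]
    return None


def find_fill_values(text):
    """Return (frame, name, value, byte) per pattern-filled field, in order.
    frame is "#N function", or None for fields seen before any frame header."""
    tokens = sorted(
        [(m.start(), "frame", m) for m in FRAME.finditer(text)]
        + [(m.start(), "field", m) for m in FIELD.finditer(text)],
        key=lambda t: t[0],
    )
    hits, context = [], None
    for _, kind, m in tokens:
        if kind == "frame":
            context = f"#{m.group(1)} {m.group(2)}"
            continue
        literal = m.group(2)
        value = int(literal, 16 if literal.startswith("0x") else 10)
        if fill_byte(value) is not None:
            hits.append((context, m.group(1), value, fill_byte(value)))
    return hits


if __name__ == "__main__":
    for hit in find_fill_values(TRACE) + find_fill_values(ITEM_DUMP):
        print(hit[0], hit[1], hex(hit[2]), f"fill=0x{hit[3]:02x}")
```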
Seems to work now, tested with NSS trunk from 17:20.
fixed
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → Core Graveyard