Closed
Bug 212004
Opened 21 years ago
Closed 21 years ago
A crash in CERT_IsUserCert because cert->trust is NULL
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9
People
(Reporter: wtc, Assigned: wtc)
Details
(Whiteboard: [3.8.2][3.7.8])
Attachments
(1 file)
837 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
The NSS version is 3.7.7. The tree has been modified with some printf statements so the line numbers may be off a little. I am getting a crash in CERT_IsUserCert because cert->trust is NULL. The top of the stack trace is: #0 CERT_IsUserCert (cert=0xa3e0c80) at certdb.c:2613 #1 0x03f46758 in CERT_FilterCertListForUserCerts (certList=0x9967580) at certdb.c:2640 #2 0x03ef77a4 in CERT_FindUserCertByUsage (handle=0x530b948, nickname=0x873675c "<a valid cert nickname>", usage=certUsageEmailSigner, validOnly=1, proto_win=0x0) at certhigh.c:289 This happens while I am viewing a signed email message that I sent to myself and I remove and re-insert a smartcard, which has my signing and encryption certs. The cert in question is: (gdb) print *cert $4 = { arena = 0x53168e0, subjectName = 0x99591c0 "CN=Wan-Teh Chang, E=wtc@netscape.com, UID=wtc, O=America Online Inc, C=US", issuerName = 0x9959210 "CN=Intranet Certificate Authority, OU=AOL Technologies, O=America Online Inc, L=Mountain View, ST=CA, C=US", signatureWrap = { data = { type = siBuffer, data = 0xa3e0e0c "0\202\002�\003\002\001\002\002\002i�0\r\006\t*\206H\206� \r\001\001\004\005", len = 746 }, signatureAlgorithm = { algorithm = { type = siBuffer, data = 0xa3e10fa "*\206H\206�\r\001\001\004\005", len = 9 }, parameters = { type = siBuffer, data = 0xa3e1103 "\005", len = 2 } }, signature = { type = siBuffer, data = 0xa3e1109 "K/\030+��:����\fk�N\026]�\200\026\030", len = 1024 } }, derCert = { type = siBuffer, data = 0xa3e0e08 "0\202\003}0\202\002�\003\002\001\002\002\002i�0\r\006\t* \206H\206�\r\001\001\004\005", len = 897 }, derIssuer = { type = siBuffer, data = 0xa3e0e28 "0\201\2231\v0\t\006\003U\004\006\023\002US1\v0\t\006\003U\004\b\023\002CA1\0260\024\006\003U\004\a\023\rMountain View1\e0\031\006\003U\004\n\023\022America Online Inc1\0310\027\006\003U\004\v\023\020AOL Technologies1'0%\006\003U\004\003\023\036Intranet Certificate Authority0\036\027\r030306192627Z\027\r030902192627Z0x1\v0\t\006\003U\004\006\023\002US1\e0"..., len = 150 }, derSubject = { type = siBuffer, data = 0xa3e0ede \031\006\003U\004\n\023\022America Online Inc1\0230\021\006\n\t\222&\211\223�,d\001\001\023\003wtc1\0370\035\006\t*\206H \206�\r\001\t\001\026\020wtc@netscape.com1\0260\024\006\003U\004\003\023\rWan- Teh Chang0\201\2370\r\006\t*\206H\206�\r\001\001\001\005", len = 122 }, derPublicKey = { type = siBuffer, data = 0xa3e0f58 "0\201\2370\r\006\t*\206H\206�\r\001\001\001\005", len = 162 }, certKey = { type = siBuffer, data = 0x99590a0 "i�0\201\2231\v0\t\006\003U\004\006\023\002US1\v0\t\006 \003U\004\b\023\002CA1\0260\024\006\003U\004\a\023\rMountain View1\e0\031\006\003U\004\n\023\022America Online Inc1\0310\027\006\003U\004\v\023\020AOL Technologies1'0%\006\003U\004\003\023\036Intranet Certificate Authoritywtc@netscape.com", len = 152 }, version = { type = siBuffer, data = 0xa3e0e14 "\002\002\002i�0\r\006\t*\206H\206�\r\001\001\004\005", len = 1 }, serialNumber = { type = siBuffer, data = 0xa3e0e17 "i�0\r\006\t*\206H\206�\r\001\001\004\005", len = 2 }, signature = { algorithm = { type = siBuffer, data = 0xa3e0e1d "*\206H\206�\r\001\001\004\005", len = 9 }, parameters = { type = siBuffer, data = 0xa3e0e26 "\005", len = 2 } }, issuer = { arena = 0x0, rdns = 0xa3e1198 }, validity = { arena = 0x0, notBefore = { type = siBuffer, data = 0xa3e0ec2 "030306192627Z\027\r030902192627Z0x1\v0\t\006\003U\004\006\023\002US1\e0\031\006\003U\004\n\023\022America Online Inc1\0230\021\006\n\t\222&\211\223�,d\001\001\023\003wtc1\0370\035\006\t* \206H\206�\r\001\t\001\026\020wtc@netscape.com1\0260\024\006\003U\004\003\023\ rWan-Teh Chang0\201\2370\r\006\t*\206H\206�\r\001\001\001\005", len = 13 }, notAfter = { type = siBuffer, data = 0xa3e0ed1 "030902192627Z0x1\v0\t\006\003U\004\006\023\002US1\e0\031\006\003U\004\n\023\022America Online Inc1\0230\021\006\n\t\222&\211\223�,d\001\001\023\003wtc1\0370\035\006\t* \206H\206�\r\001\t\001\026\020wtc@netscape.com1\0260\024\006\003U\004\003\023\ rWan-Teh Chang0\201\2370\r\006\t*\206H\206�\r\001\001\001\005", len = 13 } }, subject = { arena = 0x0, rdns = 0xa3e1290 }, subjectPublicKeyInfo = { arena = 0x0, algorithm = { algorithm = { type = siBuffer, data = 0xa3e0f5f "*\206H\206�\r\001\001\001\005", len = 9 }, parameters = { type = siBuffer, data = 0xa3e0f68 "\005", len = 2 } }, subjectPublicKey = { type = siBuffer, data = 0xa3e0f6e "0\201\211\002\201\201", len = 1120 } }, issuerID = { type = siBuffer, data = 0x0, len = 0 }, subjectID = { type = siBuffer, data = 0x0, len = 0 }, extensions = 0xa3e1360, emailAddr = 0x9959138 "wtc@netscape.com", dbhandle = 0x530b948, subjectKeyID = { type = siBuffer, data = 0x9959160 "\233\n��\236\2327\025���Jh^&\nfv�t����", len = 20 }, keyIDGenerated = 0, keyUsage = 128, rawKeyUsage = 128, keyUsagePresent = 1, nsCertType = 160, keepSession = 0, timeOK = 0, domainOK = 0x0, isperm = 0, istemp = 1, nickname = 0x0, dbnickname = 0x0, nssCertificate = 0xa3e0490, trust = 0x0, referenceCount = 1, subjectList = 0x0, authKeyID = 0x9959180, isRoot = 0, authsocketlist = 0x0, series = 0, slot = 0x0, pkcs11ID = 0, ownSlot = 0 } Is it normal for a temp cert to have a NULL 'trust' pointer?
Assignee | ||
Comment 1•21 years ago
|
||
To the best of my knowledge, it is fine for a temp cert to have a null 'trust' pointer, and it should be interpreted as no trust. So that's what this patch does.
Comment 2•21 years ago
|
||
I have verified that CERT_NewTempCertificate returns a cert with a NULL trust pointer when it is invoked with a previously unknown cert.
Assignee | ||
Updated•21 years ago
|
Attachment #127286 -
Flags: review?(nelsonb)
Comment 3•21 years ago
|
||
Comment on attachment 127286 [details] [diff] [review] Proposed patch Looks correct to me
Attachment #127286 -
Flags: review?(nelsonb) → review+
Assignee | ||
Comment 4•21 years ago
|
||
Fix checked into the NSS tip (NSS 3.9), NSS_3_8_BRANCH (NSS 3.8.2), and NSS_CLIENT_TAG (Mozilla 1.5a).
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [3.8.2]
Target Milestone: --- → 3.9
Assignee | ||
Comment 5•21 years ago
|
||
I checked in the fix on the NSS_3_7_BRANCH (NSS 3.7.8).
Whiteboard: [3.8.2] → [3.8.2][3.7.8]
You need to log in
before you can comment on or make changes to this bug.
Description
•