Bugzilla

Updated

•

19 years ago

Status: NEW → ASSIGNED

Comment 3

•

19 years ago

Taking.

Assignee: wtchang → b.jacques

Status: ASSIGNED → NEW

Comment 4

•

19 years ago

Attached patch fix (obsolete) — Details — Splinter Review

Attachment #191919 - Flags: review?(wtchang)

Comment 5

•

19 years ago

Could you explain why this patch fixes the crash?

Comment 6

•

19 years ago

Sure. I think this occurs because bulkkey may be null for some reason.
PK11_FreeSymKey() dereferences the bulkkey that it is passed, which causes the
crash in _PR_MD_ATOMIC_DECREMENT when bulkkey is null. See also timeless's URL.

By moving the call to PK11_FreeSymKey() into the if ( [snip] && bulkkey ) {}
block, we ensure that bulkkey is non-null, which hopefully prevents the crash
from happening.

Comment 7

•

19 years ago

Actually, looking at my patch again, I think it prevents the key from being
freed in some cases.

Comment 8

•

19 years ago

Attached patch add null check (obsolete) — Details — Splinter Review

This patch adds a seperate null check instead.

Attachment #191919 - Attachment is obsolete: true

Attachment #192041 - Flags: review?(wtchang)

Updated

•

19 years ago

Attachment #191919 - Flags: review?(wtchang)

Assignee

Comment 9

•

19 years ago

Two comments here:

1) I'm worried we are papering over a real underlying problem. It's very clear
we are doing PKCS #5, because a quick examination of the code shows that this is
the only case where bulkkey can possibly become NULL without either bailing or
crashing horribly in the code above it. This is consistant with the stack trace
(showing PKCS #12) and the description  "... or more recently it crashes when I
try to import a certificate into the Dallas JButton token."

2) Part of the bug description is "in both the 1.8a5 build and 2002113004 the
certificate manager crashes if I look at it." The certificate manager does not
invoke the code listed on the stacktrace when it's opened, only when it is
trying to import a certificate.

Anyway I believe there are 2 separate bugs. The patch is acceptible for the
first bug (crash when I import into the token) only if we verify that it's
legitamate for the PKCS #5 object to have an NULL key (it may be it's an error
case, in which case we need to error out, not ignore it).

The second problem (cert manager crashes on launch) is likely in
module/nsNSSCertTree.cpp. There was a recent patch to that code which also makes
a 'null' check and bails. On debug builds, though I sometimes see thrashed
datastructures. It looks like a nasty race condition that does not always
happen. The symptoms are you crash when you bring up the cert manager.

bob

Comment 10

•

19 years ago

Comment on attachment 192041 [details] [diff] [review]
add null check

>@@ -698,17 +698,18 @@ sec_pkcs7_decoder_start_decrypt (SEC_PKC
>     if ( SEC_PKCS5IsAlgorithmPBEAlg(&(enccinfo->contentEncAlg)) && bulkkey ) {
> 	SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
> 	bulkkey = keyPwd->key;
>     }
> 
>     /*
>      * We are done with (this) bulkkey now.
>      */
>-    PK11_FreeSymKey (bulkkey);
>+    if (bulkkey)
>+        PK11_FreeSymKey (bulkkey);

As Bob Relyea said, the only way bulkkey can be NULL here is
that keyPwd->key is NULL.  So the NULL pointer check of bulkkey
should be done inside the if statement.  But we should find out
why it is NULL so we know the proper way to handle that condition.

Attachment #192041 - Flags: review?(wtchang) → review-

Assignee

Comment 11

•

19 years ago

Attached patch Basic patch to fix the crash problem — Details — Splinter Review

The basic problem is the horrible hack we have in our code to deal with PBE
encrypted data, where part of the password item is needed not only to generate
the key, but also the IV. The hack creates a data structure which passes both
the key and the IV, then 'cleverly' intercepts its use to restor just the key
value.

This patch will fix the crash situation. The user will find, however that he
won't be able to import a cert into the desired token in these cases.

Attachment #192041 - Attachment is obsolete: true

Assignee

Comment 12

•

19 years ago

Attached patch Fix the underlying issue... — Details — Splinter Review

The reason we couldn't generate the PBE is because something failed when
passing the PBE to the token. This code tries to then generate the PBE using
the softoken. Later, when the key is use, the PKCS12 blob will likely be
decrypted and parsed by the softoken and imported into the target token (rather
then the target token unwrapping it directly).

Assignee

Comment 13

•

19 years ago

Neither patch is tested, it would be nice to try it against the JButton token.

Also, in looking into the code, it's clear that the old code and patch1 will
leak a slot reference periodically!

bob

James Rome

Reporter

Comment 14

•

19 years ago

I never have been able to use a JButton with Firefox or Mozilla. It kinda worked
with Netscape. So yes, please test this! I managed to impoirt my certificate,
but I could never use it if it was stored in the JButton.

I have 20 JButtons that are now quite useless.....

Assignee

Comment 15

•

19 years ago

This patch would only allow import. I wonder how old the PKCS #11 module is.
There were some fixes early on to Netscape where Netscape was incorrectly using
PKCS #11, though most of those fixes were done in ways to preserve
compatibility. There was one case, though in about 2000, where Netscape started
relying on PKCS #11 semantics that it hadn't relied on before. Some of the more
poorly written PKCS #11 modules broke at that point.

My guess is Dallas hasn't kept the PKCS #11 module for the JButtons up to date,
but it could be some latent bug in NSS as well.

Anyway my 'testing' point is I can't test it because I don't have any JButtons.
I was looking for a volunteer who did have one to try it. If you need a build I
can provide it.

bob

Updated

•

19 years ago

Assignee: b.jacques → rrelyea

Comment 16

•

19 years ago

Comment on attachment 192154 [details] [diff] [review]
Basic patch to fix the crash problem

This patch seems to make sense, but we need to test it to
verify the theory.

Comment 17

•

19 years ago

Comment on attachment 192156 [details] [diff] [review]
Fix the underlying issue...

>     /* if no slot specified, use the internal key slot */
>-    if(!keyPwd->slot) {
>-	keyPwd->slot = PK11_GetInternalKeySlot();
>+    if(keyPwd->slot) {
>+	slot = PK11_ReferenceSlot(keyPwd->slot);
>+    } else {
>+	slot = PK11_GetInternalKeySlot();
>     }

One change from the original code is that if keyPwd->slot
is NULL, it will remain NULL because we are now using the
local variable "slot" instead in this function.  Is this
intentional?

Other than that, this patch seems to make sense although
I didn't trace the code carefully.

Comment 18

•

19 years ago

Comment on attachment 192156 [details] [diff] [review]
Fix the underlying issue...

I traced the code in p12d.c a little more.  I found that
keyPwd->slot equals p12cx->slot (see sec_pkcs12_decoder_asafes_notify)
and p12cx->slot is never NULL (see SEC_PKCS12DecoderStart).
This means in the following code in sec_pkcs12_decoder_get_decrypt_key,
keyPwd->slot cannot be NULL, and that it isn't leaking slot references
because the code inside the if statement is never executed.

    /* if no slot specified, use the internal key slot */
    if(!keyPwd->slot) {
	keyPwd->slot = PK11_GetInternalKeySlot();
    }

So now I think this patch is correct.  We just need to test it...

Updated

•

19 years ago

Attachment #192156 - Flags: review+

Comment 19

•

19 years ago

Comment on attachment 192154 [details] [diff] [review]
Basic patch to fix the crash problem

This basic patch is fine even though it doesn't fix the (potential)
leak of the internal key slot, which I determined by code
inspection can't possibly happen (see comment 18).

Attachment #192154 - Flags: review+

Assignee

Comment 20

•

19 years ago

The 'crash when starting the cert manager' is covered in bug  225034.

Adam Guthrie

Comment 21

•

19 years ago

*** Bug 304367 has been marked as a duplicate of this bug. ***

Caleb

Comment 22

•

19 years ago

This is 2nd place on the Firefox trunk topcrashers list.

Keywords: topcrash → topcrash+

Assignee

Comment 23

•

19 years ago

Really, with this exact crash signature:

_PR_MD_ATOMIC_DECREMENT  
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/nsprpub/pr/src/md/wi
ndows/ntmisc.c, line 800]
PK11_FreeSymKey  
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/security/nss/lib/pk1
1wrap/pk11skey.c, line 249]
sec_pkcs7_decoder_notify  
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/security/nss/lib/pkc
s7/p7decode.c, line 1045]

Or is it that just _PR_MD_ATOMIC_DECREMENT on the top of stack. If the latter,
then you have a different bug and you need a new bug report. If the former, then
that means a *LOT* of people have smart cards installed (which I would love, but
find hard to believe).

bob

Updated

•

19 years ago

Priority: -- → P2

Target Milestone: --- → 3.11

Caleb

Comment 24

•

19 years ago

(In reply to comment #23)
> Really, with this exact crash signature:

Sorry, my bad :)

The topcrasher isn't the same bug ...

Keywords: topcrash+ → topcrash

timeless

Updated

•

19 years ago

Summary: Certificate manager crashes [@ _PR_MD_ATOMIC_DECREMENT] → Certificate manager crashes [@ _PR_MD_ATOMIC_DECREMENT - PK11_FreeSymKey]

Assignee

Comment 25

•

19 years ago

Attached patch Fix the crash problem by removing the hack (obsolete) — Details — Splinter Review

Fix the issue addressed in this bug by removing the hack altogether. 

This patch add a new feature which allows applications to attach data to a key.
The PBE code then uses this feature to attach the pwitem to the key rather than
hacking up a fake structure which isn't a key to begin with.

This patch also removes a long standing issue with symetric keys were we have
'session thrashing'. Sometimes we need new key structures where the session
will not be owned by the key itself (this happens a lot in an SSL connection).
In the old code we would get a new key, create a session for it, then
immediately close that session and inherit the parent's session. In this
current code the caller tells the sym key create code wether or not it needs a
session, and an appropriate key structure is returned to it. On freeing, keys
which own their own sessions are placed on separte queues so that those
sessions can be reused to hold new keys.

Attachment #196938 - Flags: review?(wtchang)

Comment 26

•

19 years ago

Attached patch Fix the crash problem by removing the hack (relevant subset) — Details — Splinter Review

Bob, I have reviewed your whole patch, which consists
of two unrelated subsets.  I have more questions about
the subset that deals with "session thrashing".  The
subset that deals with the SEC_PKCS5KeyAndPassword as
symkey hack looks correct.  (I didn't try to understand
what the code does.  I just made sure the changes look
reasonable and there are no obvious mistakes.)

I only have one suggested change: make
PK11_SetSymKeyUserData return void.  The only reason
PK11_SetSymKeyUserData may fail is that the symKey
pointer is bad, but a bad symKey pointer can also
cause PK11_GetSymKeyUserData to crash/fail (that function
returns void).	Not to mention your code doesn't
check the return value of PK11_SetSymKeyUserData anyway.

Attachment #198027 - Flags: review+

Comment 27

•

19 years ago

Attached patch Bob's fix for symkey "session thrashing" — Details — Splinter Review

This is the other subset of Bob's patch
"Fix the crash problem by removing the hack"
(attachment 196938 [details] [diff] [review]).

Attachment #196938 - Attachment is obsolete: true

Attachment #198028 - Flags: review?(wtchang)

Comment 28

•

19 years ago

Comment on attachment 198027 [details] [diff] [review]
Fix the crash problem by removing the hack (relevant subset)

Bob, we should also remove the definition of the
SEC_PKCS5KeyAndPassword type from keythi.h, or at
least add a "unused and deprecated" comment.

keythi.h is exported in spite of the "i" in its
name.  Still, I think it's safe to remove the
definition of the SEC_PKCS5KeyAndPassword type.

Comment 29

•

19 years ago

Comment on attachment 198027 [details] [diff] [review]
Fix the crash problem by removing the hack (relevant subset)

In comment 26, I said that I didn't try to understand
what the code in this patch does.  I just spent more
time doing that.  So now this patch gets my full endorsement.

I found another minor improvement.  In p12d.c, we have:

	/* if one is being decoded, finish the decode */
	if(p12dcx->currentASafeP7Dcx != NULL) {
	    if(!SEC_PKCS7DecoderFinish(p12dcx->currentASafeP7Dcx)) {
		p12dcx->currentASafeP7Dcx = NULL;
		p12dcx->errorValue = PORT_GetError();
		goto loser;
	    }
	    p12dcx->currentASafeP7Dcx = NULL;
	}
	p12dcx->currentASafeP7Dcx = NULL;

The last line can be removed.

Comment 30

•

19 years ago

Comment on attachment 198028 [details] [diff] [review]
Bob's fix for symkey "session thrashing"

r=wtc.	I have many suggested changes for this patch to
make the code easier to understand, but the code is correct.

Among my suggestions, only one is code change, which I will
describe here:

In pk11wrap/pk11skey.c, we have

>     if (symKey) {
> 	symKey->next = NULL;
>-	if ((symKey->series != slot->series) || (!symKey->sessionOwner))
>-    	    symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
>+	if (!ownSession) {
>+	    return symKey;
>+	}
>+	/* if we are getting an owner key, make sure we have a valid session.
>+         * session could be invalid if the token has been removed or because
>+         * we got it from the non-owner free list */
>+	if ((symKey->series != slot->series) || 
>+			 (symKey->session == CK_INVALID_SESSION)) {
>+	    symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
>+	}
> 	PORT_Assert(symKey->session != CK_INVALID_SESSION);
> 	if (symKey->session != CK_INVALID_SESSION)
> 	    return symKey;
>-        PK11_FreeSymKey(symKey);
>+	PK11_FreeSymKey(symKey);
>     }

I think we should do "return NULL;" at the end of the if block,
rather than falling through.  If pk11_GetNewSession just failed
here, it will most likely fail again.  So I don't see any point to
fall through (which will retry pk11_GetNewSession).

The rest of my suggested changes are comment improvements and possibly
renaming the ownSession function parameter.  I was confused by "owner",
"sessionOwner", "ownSession".  They all look similar.  "owner" and
"sessionOwner" are not documented.  "ownSession" actually does not
imply "sessionOwner" but rather means "create the symkey with a session,
which may not be owned by the symkey".	I've figured them all out after
reading the all the code, but it could be made more clear.  I will give
my suggestions to Bob in person.

Attachment #198028 - Flags: review?(wtchang) → review+

Comment 31

•

19 years ago

Comment on attachment 198027 [details] [diff] [review]
Fix the crash problem by removing the hack (relevant subset)

When I think about this patch more, I have a new concern
about the new PK11_GetSymKeyUserData and PK11_SetSymKeyUserData
functions.  They are more flexible than what we need to fix
this bug.  My concern is that multiple users may set their
data to the same symkey, so that they interfere with each
other or interfere with NSS's own use of the user data.

So, it may be safer to call these functions
PK11_GetPBESymKeyPassword and PK11_SetPBESymKeyPassword.
Or, we can make these functions for NSS internal use only
(__PK11_GetSymKeyUserData and __PK11_SetSymKeyUserData).
Or, we should at least document that users of these two
functions must make sure they are the only users of the
symkey's user data.

Assignee

Comment 32

•

19 years ago

re wtc. I intended them to be flexible, and callable by users. The PBE keys are
not readily available to the user, so there isn't an issuer of usage there. I
figured if we needed the function for PBE, users may need to use it for keys
that they create as well.

I seems reasonable to document the usage:

/*
 * PK11_SetSymKeyUserData
 *   sets generic user data on keys (usually a pointer to a data structure)
 * that can later be retrieved by PK11_GetSymKeyUserData().
 *    data - data to be set.
 *    freefunc - function used to free the data.
 * Setting user data on symKeys with existing user data already set will cause
 * the existing user data to be freed before the new user data is set.
 * Freeing user data is done by calling the user specified freefunc.
 * If freefunc is NULL, the user data is assumed to be global or static an
 * not freed. Passing NULL for user data to PK11_SetSymKeyUserData has the
 * effect of freeing any existing user data, and clearing the user data
 * pointer. If user data exists when the symKey is finally freed, that
 * data will be freed with freefunc.
 *
 * Applications should only use this function on keys which the application
 * has created directly, as there is only one user data slot.
 */

Updated

•

19 years ago

Attachment #196938 - Flags: review?(wtchang)

Comment 33

•

19 years ago

Attached patch Code cleanup patch — Details — Splinter Review

Remove the now unused type definition.  We only need
to set p12dcx->currentASafeP7Dcx to NULL if it isn't
NULL.

Attachment #202174 - Flags: review?(rrelyea)

Stephen Donner [:stephend] Not actively reading bugmail

Assignee

Updated

•

19 years ago

Attachment #202174 - Flags: review?(rrelyea) → review+

Comment 34

•

19 years ago

Is the "code cleanup patch" going in soon?  I just crashed in PR_MD_ATOMIC_DECREMENT...

Stephen Donner [:stephend] Not actively reading bugmail

Comment 35

•

19 years ago

(In reply to comment #34)
> Is the "code cleanup patch" going in soon?  I just crashed in
> PR_MD_ATOMIC_DECREMENT...

Er, nevermind, sorry.  That's just code removal.  Sigh...

Comment 36

•

19 years ago

This bug is only fixed in NSS 3.11, which is not yet
in any Mozilla client release.

Nelson Bolyard (seldom reads bugmail)

Comment 37

•

19 years ago

Comment on attachment 202174 [details] [diff] [review]
Code cleanup patch

I checked in this code cleanup patch on the NSS
trunk (NSS 3.12).

Checking in cryptohi/keythi.h;
/cvsroot/mozilla/security/nss/lib/cryptohi/keythi.h,v  <--  keythi.h
new revision: 1.9; previous revision: 1.8
done
Checking in pkcs12/p12d.c;
/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.30; previous revision: 1.29
done

Updated

•

18 years ago

QA Contact: jason.m.reid → libraries

David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)

Comment 38

•

18 years ago

(In reply to comment #36)
> This bug is only fixed in NSS 3.11, which is not yet
> in any Mozilla client release.

That's no longer true anymore, right?

James Rome

Reporter

Comment 39

•

18 years ago

It is working in seamonkey (which I switched to)

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → WORKSFORME

Updated

•

18 years ago

Status: RESOLVED → REOPENED

Resolution: WORKSFORME → ---