27988 - crash when saving user/password if a null db key is given

Status: VERIFIED FIXED

(SeaMonkey :: Passwords & Permissions, defect, P3)

Description

[Trent Jarvi]

In the process of saving login user id and password, if one does not enter a db
key (NULL), mozilla closes.  I observed this at my.yahoo.com and
www.cnbc.com.

I'd expect a dialog box stating the key was invalid like I get when I enter
123 as the db key.

Build ID 2000021416

Comment 1

[Stephen P. Morse]

Let me clarify this a bit because from the information above I was about to 
close it out as works-for-me.  I then tried the following steps and was able to 
demonstrate the problem.  And I got a crash, not just a normla exit! :-(

1. Save a password from a previous session and thereby create a (non-null) 
master password.

2. Go to my.yahoo.com in current session.

3. Dialog pops up asking for master password.  Don't enter anything and click OK

4. Crashes with the following stack trace:

nsBasicStreamGenerator::GetByte(nsBasicStreamGenerator * const 0x0316a080, 
unsigned int 0, unsigned char * 0x0012ef08) line 93 + 25 bytes
Wallet_GetKey(int 35, int 0) line 1419 + 25 bytes
wallet_ReadKeyFile(int 0) line 1656 + 93 bytes
Wallet_SetKey(int 0) line 1825 + 12 bytes
si_SetKey() line 326 + 7 bytes
SI_LoadSignonData(int 1) line 1787 + 5 bytes
SINGSIGN_RestoreSignonData(char * 0x02f01650, unsigned short * 0x02f03530, 
unsigned short * * 0x0012fa14, unsigned int 0) line 2416 + 7 bytes
nsWalletlibService::OnEndDocumentLoad(nsWalletlibService * const 0x02134ddc, 
nsIDocumentLoader * 0x02a9ba20, nsIChannel * 0x02c2c110, unsigned int 0) line 
313 + 48 bytes
nsDocLoaderImpl::FireOnEndDocumentLoad(nsDocLoaderImpl * 0x02a9ba20, nsIChannel 
* 0x02c2c110, unsigned int 0) line 603
nsDocLoaderImpl::FireOnEndDocumentLoad(nsDocLoaderImpl * 0x02a9ba20, nsIChannel 
* 0x02c2c110, unsigned int 0) line 611
nsDocLoaderImpl::FireOnEndDocumentLoad(nsDocLoaderImpl * 0x02a9ba20, nsIChannel 
* 0x02c2c110, unsigned int 0) line 611
nsDocLoaderImpl::DocLoaderIsEmpty(unsigned int 0) line 494
nsDocLoaderImpl::OnStopRequest(nsDocLoaderImpl * const 0x02a9ba24, nsIChannel * 
0x02f694c0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 
0x00000000) line 438
nsLoadGroup::RemoveChannel(nsLoadGroup * const 0x02a9b9c0, nsIChannel * 
0x02f694c0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 
0x00000000) line 535 + 42 bytes
nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02fd3eb4, nsIStreamListener * 
0x02fdefd0, unsigned int 0, const unsigned short * 0x00000000) line 1344
nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02fd8da0, 
nsIChannel * 0x02fd3eb4, nsISupports * 0x02f694c0, unsigned int 0, const 
unsigned short * 0x00000000) line 255
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x02fdfbb0) line 
279
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x02fdfb60) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x02fdfb60) line 526 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x010232c0) line 487 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x11c60760, unsigned int 49335, unsigned int 0, 
long 16921280) line 975 + 9 bytes
USER32! 77e71268()
010232c0()

Comment 2

[Paul MacQuiddy]

setting sairuh as qa contact

Comment 3

[Stephen P. Morse]

Further clarification.  This is not restricted to a particular site -- the crash 
will occur anytime you are asked to unlock the single-signon database and you 
reply with a null password.

Comment 4

[Stephen P. Morse]

I have a fix in hand.  Very simple and safe.  Awaiting code review and checkin 
approval.

Comment 5

[leger]

Putting on the PDT+ radar for beta1.

Comment 6

[Stephen P. Morse]

Checked in new version of wallet.cpp to fix this problem.

Comment 7

[Eli Goldberg]

Bulk move to Single Signon component, which has subsumed Password Cache.

Comment 8

[sairuh (rarely reading bugmail)]

verif w/2000021708 comm bits on linux, mac and winNT.