Closed Bug 103219 Opened 23 years ago Closed 19 years ago

OCSP responder failure to send data after a connect hangs client.

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.4final

People

(Reporter: ssaux, Assigned: KaiE)

References

Details

If the OCSP responder allows connections but then never write anything on the socket, then the browser will hang as NSS uses blocking sockets for OCSP, and doesn't set a timeout for PR_Read(). The solution to this is probably not in PSM, so this is a tracking bug. This is hard to replicate.
Priority: -- → P2
Target Milestone: --- → Future
Here is the stack trace. It seems, blocking I/O, no timeout is used. #0 0x406a5894 in __poll (fds=0xbfffeb18, nfds=1, timeout=5000) at ../sysdeps/unix/sysv/linux/poll.c:63 #1 0x402e467c in pt_poll_now (op=0xbfffeb94) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:568 #2 0x402e4a48 in pt_Continue (op=0xbfffeb94) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:682 #3 0x402e6851 in pt_Recv (fd=0x8a23b88, buf=0x424cf0f0, amount=8192, flags=0, timeout=4294967295) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:1724 #4 0x402e68ba in pt_SocketRead (fd=0x8a23b88, buf=0x424cf0f0, amount=8192) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:1735 #5 0x402c494c in PR_Read (fd=0x8a23b88, buf=0x424cf0f0, amount=8192) at ../../../../../mozilla/nsprpub/pr/src/io/priometh.c:136 #6 0x416eb38e in ocsp_MinMaxRead (fd=0x8a23b88, buf=0x424cf0f0 "", minimum=128, maximum=8192) at ocsp.c:1776 #7 0x416eb466 in ocsp_GetEncodedResponse (arena=0x0, sock=0x8a23b88) at ocsp.c:1839 #8 0x416ebc43 in CERT_GetEncodedOCSPResponse (arena=0x0, certList=0x4245e1c8, location=0x42437728 "http://nsocsp.netscape.com", time=1002232310565881, addServiceLocator=0, signerCert=0x0, pwArg=0x0, pRequest=0xbfffed78) at ocsp.c:2271 #9 0x416ecf99 in CERT_CheckOCSPStatus (handle=0x81ce3f8, cert=0x424a7a58, time=1002232310565881, pwArg=0x0) at ocsp.c:3365 #10 0x416f129b in CERT_VerifyCert (handle=0x81ce3f8, cert=0x424a7a58, checkSig=1, certUsage=certUsageEmailSigner, t=1002232310565881, wincx=0x0, log=0x0) at certvfy.c:1119 #11 0x416f132c in CERT_VerifyCertNow (handle=0x81ce3f8, cert=0x424a7a58, checkSig=1, certUsage=certUsageEmailSigner, wincx=0x0) at certvfy.c:1144 #12 0x41681182 in nsNSSCertificate::GetUsageArray (this=0x4242ae40, suffix=0x417a8b3f "_p", _verified=0xbf7fea28, _count=0xbffff20c, tmpUsages=0xbffff214) at ../../../../../mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1244 #13 0x41684d8d in nsNSSCertificate::GetPurposes (this=0x4242ae40, _verified=0xbf7fea28, _purposes=0xbf7feb64) at ../../../../../mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1855
Blocks: 157555
Keywords: nsbeta1
Assignee: ssaux → kaie
QA Contact: junruh → bmartin
Target Milestone: Future → ---
Product: PSM → Core
We changed the PR_Read call to a PR_Recv call with a timeout in rev. 1.7 of lib/certhigh/ocsp.c, for NSS bug 141256. The fix (in NSS 3.5+) first appeared in Netscape 7, which I remember is based on Mozilla 1.4.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.4final
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.