Closed Bug 115683 Opened 23 years ago Closed 23 years ago

NSS3.4 build. Expired web site cert crashes browser

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.2

People

(Reporter: junruh, Assigned: KaiE)

References

(
URL
)

Details

1.) Visit the above site, and click OK on the Expired web site cert dialog box.
What happens: Crash.
cc kai.
correct summary -> NSS3.4
Summary: NSS4.3 build. Expired web site cert crashes browser → NSS3.4 build. Expired web site cert crashes browser
cc relyea
Priority: -- → P1
Target Milestone: --- → 2.2
Blocks: 116334
Crashes on Linux, too.

In nssTrustDomain_GetCertsForSubjectFromCache / file tdcache.c, there is this call:
  PZ_Lock(td->cache->lock);

But td is NULL.

Stack trace:
#0  0x432a0795 in nssTrustDomain_GetCertsForSubjectFromCache (td=0x0,
subject=0x87d8028, certListOpt=0x8808818) at tdcache.c:770
#1  0x4329f254 in NSSTrustDomain_FindCertificatesBySubject (td=0x0,
subject=0x87d8028, rvOpt=0x0, maximumOpt=0, arenaOpt=0x0) at trustdomain.c:570
#2  0x4329cb24 in find_issuer_cert_for_identifier (c=0x87d7ff8, id=0x8805b60) at
certificate.c:206
#3  0x4329cccd in NSSCertificate_BuildChain (c=0x87d7ff8, timeOpt=0x85fe038,
usage=0x4103e0b4, policiesOpt=0x0, rvOpt=0x4103e0a8, rvLimit=2, arenaOpt=0x0,
statusOpt=0x4103e0a4) at certificate.c:277
#4  0x432598b0 in CERT_FindCertIssuer (cert=0x87d89f8,
validTime=1008959648195575, usage=certUsageSSLServer) at certvfy.c:419
#5  0x43259fe3 in CERT_VerifyCertChain (handle=0x87baa48, cert=0x87d89f8,
checkSig=0, certUsage=certUsageSSLServer, t=1008959648195575, wincx=0x8776030,
log=0x0) at certvfy.c:722
#6  0x4325aca9 in CERT_VerifyCert (handle=0x87baa48, cert=0x87d89f8, checkSig=0,
certUsage=certUsageSSLServer, t=1008959648195575, wincx=0x8776030, log=0x0) at
certvfy.c:1157
#7  0x4325ad8e in CERT_VerifyCertNow (handle=0x87baa48, cert=0x87d89f8,
checkSig=0, certUsage=certUsageSSLServer, wincx=0x8776030) at certvfy.c:1198
#8  0x431676c8 in verifyCertAgain (cert=0x87d89f8, sslSocket=0x8776d88,
infoObject=0x8776030) at
../../../../../mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp:1049
#9  0x43168c79 in nsNSSBadCertHandler (arg=0x8776030, sslSocket=0x8776d88) at
../../../../../mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp:1855
#10 0x43226a9f in ssl2_HandleServerHelloMessage (ss=0x8776128) at sslcon.c:2979
#11 0x4322acec in ssl_Do1stHandshake (ss=0x8776128) at sslsecur.c:156
#12 0x4322c9ae in ssl_SecureSend (ss=0x8776128, buf=0x85d4910 "GET /ciphers.html
HTTP/1.1\r\nHost: bolohead.mcom.com:23168\r\nUser-Agent: Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:0.9.7+) Gecko/20011220\r\nAccept: text/xml,
application/xml, application/xhtml+xml, text"..., len=459, flags=0) at
sslsecur.c:1100
#13 0x4322cacf in ssl_SecureWrite (ss=0x8776128, buf=0x85d4910 "GET
/ciphers.html HTTP/1.1\r\nHost: bolohead.mcom.com:23168\r\nUser-Agent:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7+) Gecko/20011220\r\nAccept:
text/xml, application/xml, application/xhtml+xml, text"..., len=459) at
sslsecur.c:1134
#14 0x432326d9 in ssl_Write (fd=0x8776d88, buf=0x85d4910, len=459) at sslsock.c:1252
#15 0x4316682a in nsSSLIOLayerWrite (fd=0x86f2608, buf=0x85d4910, amount=459) at
../../../../../mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp:709
#16 0x4030e837 in PR_Write (fd=0x86f2608, buf=0x85d4910, amount=459) at
../../../../../mozilla/nsprpub/pr/src/io/priometh.c:141
#17 0x409347b5 in nsSocketOS::Write (this=0x87a0230, aBuf=0x85d4910 "GET
/ciphers.html HTTP/1.1\r\nHost: bolohead.mcom.com:23168\r\nUser-Agent:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7+) Gecko/20011220\r\nAccept:
text/xml, application/xml, application/xhtml+xml, text"..., aCount=459,
aBytesWritten=0x4103e938) at
../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:2458
#18 0x4093470e in nsSocketOS::WriteFromSegments (input=0x85cf594,
closure=0x87a0230, fromSegment=0x85d4910 "GET /ciphers.html HTTP/1.1\r\nHost:
bolohead.mcom.com:23168\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:0.9.7+) Gecko/20011220\r\nAccept: text/xml, application/xml,
application/xhtml+xml, text"..., offset=0, count=459, countRead=0x4103e938) at
../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:2438
#19 0x40294a39 in ConstCharImpl::ReadSegments (this=0x85cf590, writer=0x409346d8
<nsSocketOS::WriteFromSegments(nsIInputStream *, void *, char const *, unsigned
int, unsigned int, unsigned int *)>, closure=0x87a0230, aCount=459,
result=0x4103e938) at ../../../mozilla/xpcom/io/nsStringStream.cpp:359
#20 0x409348e7 in nsSocketOS::WriteFrom (this=0x87a0230, aIS=0x85cf594,
aCount=16384, aBytesWritten=0x4103e938) at
../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:2484
#21 0x40975022 in nsHttpTransaction::OnDataWritable (this=0x86ff4e0,
os=0x87a0230) at
../../../../../mozilla/netwerk/protocol/http/src/nsHttpTransaction.cpp:213
#22 0x4097416d in nsHttpConnection::OnDataWritable (this=0x8678ed0,
request=0x87ae058, context=0x8678ed4, outputStream=0x87a0230, offset=0,
count=8192) at
../../../../../mozilla/netwerk/protocol/http/src/nsHttpConnection.cpp:669
#23 0x40935b0c in nsSocketWriteRequest::OnWrite (this=0x87ae058) at
../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:2882
#24 0x40930820 in nsSocketTransport::doReadWrite (this=0x85d4c78,
aSelectFlags=3) at ../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:1081
#25 0x4092f0fd in nsSocketTransport::Process (this=0x85d4c78, aSelectFlags=3) at
../../../../mozilla/netwerk/base/src/nsSocketTransport.cpp:516
#26 0x40936e97 in nsSocketTransportService::Run (this=0x8146a38) at
../../../../mozilla/netwerk/base/src/nsSocketTransportService.cpp:516
#27 0x40239567 in nsThread::Main (arg=0x8154fa0) at
../../../mozilla/xpcom/threads/nsThread.cpp:120
OS: Windows 2000 → All
Hardware: PC → All
wtc: I provided some debugging results in above comments.

Thank you, Kai, for your help.

Ian, could you take a look at the stack trace?
--> rev 1.15 of certdb/stanpcertdb.c

I needed to make sure temp certs have a "home" in a trust domain.

Is it the case that the root cert for the server cert is already in your db?
The cert was generated with John's private CA. I don't have that CA cert.

*** Bug 115684 has been marked as a duplicate of this bug. ***
kai.
Assignee: rangansen → kaie
I tested this today with selfserv and an expired cert and it worked.
I tested using todays build, it doesn't crash any more.
John, I will provide you with todays windows build later today.
fixed
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified with the 1/7 NSS build from /u/kaie.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.