115927 - NSS3.4 / Crash when opening cert trust edit twice

Status: VERIFIED FIXED

(Core Graveyard :: Security: UI, defect, P1)

Description

[Kai Engert [:KaiE:]]

Open cert manager, authorities tab. Select any cert. Klick Edit to open the
"edit trust" dialog. Within that, click cancel. Now click "edit" again.

Actual result: crash

The crash is triggered by:
  Assertion failure: module->refCount == 0, at pk11util.c:599

I talked to Bob, he confirmed that the assertion is correct.

"If the module has not been destroyed, then it should still be holding a
reference to a slot. If you are tripping overt this problem it means someone is
freeing a reference to a slot that they did not own."

Most likely this means, the PSM code has a bug somewhere.

Comment 1

[Stephane Saux]

This is not happening with 3.3.

Comment 2

[Stephane Saux]

How do we get in the SECMOD_SlotDestroyModule() code by cancelling this dialog
and then clicking on edit cert?

The code that gets called is in nsCertOuliner::GetCertAtIndex().

->kaie

Comment 3

[Kai Engert [:KaiE:]]

Attachment: Suggested fix

Bob, do you think this patch is correct?

Comment 4

[Robert Relyea]

Yes, it looks correct. PK11_FindCertByIssuerAndSN should be returning a
Reference to the slot.

bob

Comment 5

[Kai Engert [:KaiE:]]

Patch checked in to tip of NSS.
fixed

Comment 6

[Rangan Sen]

Kai, looks like this problem still exists - at least on NT - even after I 
updated pk11cert.c. Happens when I open edit trust twice, or when I try to 
delete two certs one after the other in the same session...

Comment 7

[Rangan Sen]

Sorry - my mistake - I got it going for me now ..

Comment 8

[John Unruh]

Verified with the 1/7/02 trunk Linux build.