SSL3_SendAlert is incorrectly locked in ssl3_HandleHelloRequest

RESOLVED FIXED in 3.19.1

Status

P1
normal
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: davidben, Assigned: davidben)

Tracking

3.12.5
3.19.1

Firefox Tracking Flags

(Not tracked)

Description

4 years ago
Created attachment 8602751 [details] [diff] [review]
norenegotiatelock.patch

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.45 Safari/537.36

Steps to reproduce:

If renegotiation is disabled, ssl3_HandleHelloRequest sends a no_renegotiation alert. But the SSL3_SendAlert is wrapped by the XmitBufLock. This is incorrect as SSL3_SendAlert internally already grabs that lock. It also internally calls ssl_GetSSL3HandshakeLock which asserts that the XmitBufLock has NOT been taken, so this code fails in debug mode.

See attached patch. The patch makes it match the SSL3_SendAlert call above.
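The lock-order check described in the report, as an added example that is not part of the bug report and not NSS source: a small C model in which every `model_` name is hypothetical, locks are plain hold counters, and the debug assertion is recorded in a counter instead of aborting so the wrapped and unwrapped call patterns can be compared.

```c
#include <stdio.h>
/* Simplified model of the locking in the report; not NSS code. */
typedef struct {
    int xmit_held;        /* XmitBufLock hold count */
    int hs_held;          /* SSL3HandshakeLock hold count */
    int order_violations; /* failed "XmitBufLock not held" checks */
    int alerts_sent;
} model_sock;

static void model_get_xmit(model_sock *s)     { s->xmit_held++; }
static void model_release_xmit(model_sock *s) { s->xmit_held--; }
static void model_release_hs(model_sock *s)   { s->hs_held--; }

/* Stand-in for ssl_GetSSL3HandshakeLock: a debug build asserts that the
 * XmitBufLock has NOT been taken; the model counts the failure instead. */
static void model_get_hs(model_sock *s) {
    if (s->xmit_held > 0)
        s->order_violations++;
    s->hs_held++;
}

/* Stand-in for SSL3_SendAlert: it takes both locks itself (assumed order:
 * handshake lock first, then XmitBufLock, so the check can pass). */
static void model_send_alert(model_sock *s) {
    model_get_hs(s);
    model_get_xmit(s);
    s->alerts_sent++;     /* the alert record would be written here */
    model_release_xmit(s);
    model_release_hs(s);
}

/* Pattern the report describes: caller wraps the alert in XmitBufLock. */
int model_hello_request_wrapped(model_sock *s) {
    model_get_xmit(s);
    model_send_alert(s);
    model_release_xmit(s);
    return s->order_violations;
}

/* Pattern after the patch: the alert call carries no extra lock. */
int model_hello_request_unwrapped(model_sock *s) {
    model_send_alert(s);
    return s->order_violations;
}

int main(void) {
    model_sock a = {0}, b = {0};
    printf("wrapped: %d violation(s)\n", model_hello_request_wrapped(&a));
    printf("unwrapped: %d violation(s)\n", model_hello_request_unwrapped(&b));
    return 0;
}
```

Both patterns send the alert and release every lock; only the wrapped caller trips the check, which matches the report's statement that the failure shows up in debug mode.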

Comment 1

4 years ago
Comment on attachment 8602751 [details] [diff] [review]
norenegotiatelock.patch

r=wtc. Thanks for the patch.

I also did a quick review of the other SSL3_SendAlert calls
and didn't spot another instance of this bug.

Patch checked in: https://hg.mozilla.org/projects/nss/rev/b3e011d5745b
Attachment #8602751 - Attachment is patch: true
Attachment #8602751 - Attachment mime type: text/x-patch → text/plain
Attachment #8602751 - Flags: review+
Attachment #8602751 - Flags: checked-in+

Comment 2

4 years ago
The code in question was added in NSS 3.12.5:
https://hg.mozilla.org/projects/nss/rev/4c210039abab
Assignee: nobody → davidben
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
OS: Unspecified → All
Priority: -- → P1
Hardware: Unspecified → All
Resolution: --- → FIXED
Target Milestone: --- → 3.19.1
Version: trunk → 3.12.5