Closed Bug 1166129 Opened 9 years ago Closed 9 years ago

Crash at SSLServerCertVerification.cpp:1064 with certificates without extensions

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1165911
Tracking Flags:
Tracking Status
firefox39 --- affected
firefox40 --- affected
firefox41 --- affected
firefox-esr38 --- affected

People

(Reporter: glandium, Assigned: glandium)

Details

Attachments

(1 file)

Add a NULL-check for extensions on the end entity certificate when gathering EKU telemetry
1.62 KB, patch
Details | Diff | Splinter Review 
Code reads:
  for (size_t i = 0; endEntityCert->extensions[i]; i++) {

If extensions is NULL, which happens when the certificate doesn't have extensions and the CA that emitted the certificate is in the builtin token. I don't know if there are CAs in the default set that still emit certificates without extensions, but in Debian, we are adding the SPI CA certificate, and the certificate on mentors.debian.net doesn't have extensions, leading to a crash.
Assignee: nobody → mh+mozilla

        Attachment #8607291 -
        Flags: review?(dkeeler)

    
    

    
  
This is a dupe of Bug 1165911, but thanks for taking the time to make a patch anyways.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE

    
  

        Attachment #8607291 -
        Flags: review?(dkeeler)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: