Closed
Bug 119086
Opened 23 years ago
Closed 22 years ago
NSS3.4 build / crash in cert manager after SSL client auth
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
psm2.2
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Access any client auth site. Either the one mentioned in bug 118818, or https://217.160.75.209/misc/test6/ (optional client auth, you don't need a cert). After the page has been loaded, try to open cert manager => crash The console says: lock != NULL, at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptsynch.c:182 Debugger says: #2 0x4064d062 in abort () at ../sysdeps/generic/abort.c:88 #3 0x4031a824 in PR_Assert (s=0x4034b85c "lock != NULL", file=0x4034b780 "../../../../../mozilla/nsprpub/pr/src/pthreads/ptsynch.c", ln=182) at ../../../../../mozilla/nsprpub/pr/src/io/prlog.c:505 #4 0x40337c2f in PR_Lock (lock=0x0) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptsynch.c:182 #5 0x43dbd314 in nssPKIObject_AddRef (object=0x896f348) at certdecode.c:89 #6 0x43db8bdf in nssCertificate_AddRef (c=0x896f348) at certificate.c:71 #7 0x43dbd118 in cert_iter (k=0x896f348, v=0x896f330, a=0x8af0ae0) at tdcache.c:1012 #8 0x43dc721e in nss_hash_enumerator (he=0x89494f8, index=0, arg=0xbfffcf2c) at hash.c:376 #9 0x40300271 in PL_HashTableEnumerateEntries (ht=0x888ad48, f=0x43dc71e8 <nss_hash_enumerator>, arg=0xbfffcf2c) at ../../../../mozilla/nsprpub/lib/ds/plhash.c:429 #10 0x43dc7273 in nssHash_Iterate (hash=0x888ad28, fcn=0x43dbd0f0 <cert_iter>, closure=0x8af0ae0) at hash.c:399 #11 0x43dbd196 in nssTrustDomain_GetCertsFromCache (td=0x888a388, certListOpt=0x8af0ae0) at tdcache.c:1030 #12 0x43dbbad9 in NSSTrustDomain_TraverseCertificates (td=0x888a388, callback=0x43d77ea0 <convert_cert>, arg=0xbfffcfa8) at trustdomain.c:854 #13 0x43d7cba1 in PK11_ListCerts (type=PK11CertListCA, pwarg=0x8af0210) at pk11cert.c:3011 #14 0x43c96e5c in nsNSSCertificateDB::GetCertsByType (this=0x8aef158, aType=1, aCertCmpFn=0x43ca2cac <nsCertOutliner::CmpByTok_IssuerOrg_Name(nsIX509Cert *, nsIX509Cert *)>, _certs=0x8aefa1c) at ../../../../../mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:2704 #15 0x43ca337b in nsCertOutliner::LoadCerts (this=0x8aefa10, aType=1) at ../../../../../mozilla/security/manager/ssl/src/nsCertOutliner.cpp:268 in nssPKIObject_AddRef object is: {arena = 0x0, lock = 0x0, refCount = 0, instanceList = 0x0, instances = 0x0, trustDomain = 0x0, cryptoContext = 0x0} one level above that, in nssCertificate_AddRef c is: {object = {arena = 0x0, lock = 0x0, refCount = 0, instanceList = 0x0, instances = 0x0, trustDomain = 0x0, cryptoContext = 0x0}, type = NSSCertificateType_Unknown, id = {data = 0x0, size = 0}, encoding = {data = 0x0, size = 0}, issuer = {data = 0x8949498, size = 71}, subject = {data = 0x0, size = 0}, serial = {data = 0x89494e8, size = 4}, nickname = 0x0, email = 0x0, decoding = 0x0}
Comment 2•23 years ago
|
||
I backed out my last checkin to tdcache.c. It caused this bug.
Assignee | ||
Comment 3•23 years ago
|
||
Hmm, I now see a different crash. Erase the *.db files from your profile. Go to https://217.160.75.209/misc/test6/ After the page has been loaded, quit Mozilla. Crash on exit. Will post a stack trace.
Assignee | ||
Comment 4•23 years ago
|
||
#0 0x443b6a53 in nssCertificateStore_Remove (store=0xdadadada, cert=0x8880fc8) at pkistore.c:307 #1 0x4439dafa in CERT_DestroyCertificate (cert=0x8831600) at stanpcertdb.c:468 #2 0x4433189c in ssl3_CleanupPeerCerts (ssl3=0x8817f68) at ssl3con.c:6378 #3 0x44334cb4 in ssl3_DestroySSL3Info (ssl3=0x8817f68) at ssl3con.c:7948 #4 0x443454cb in ssl_FreeSocket (ss=0x8812f78) at sslsock.c:345 #5 0x4433dc7e in ssl_DefClose (ss=0x8812f78) at ssldef.c:244 #6 0x44341474 in ssl_SecureClose (ss=0x8812f78) at sslsecur.c:965 #7 0x4434730b in ssl_Close (fd=0x86d4800) at sslsock.c:1170 #8 0x4427b7a9 in nsSSLIOLayerClose (fd=0x86d4800) at ../../../../../mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp:582 At level #0, we crash on PZ_Lock, stored points to 0xdadadada
Updated•23 years ago
|
Target Milestone: --- → 2.2
Comment 5•23 years ago
|
||
This is a PSM bug. The problem is that NSS_Shutdown() is called before the socket is closed. Put a break in NSS_Shutdown(), and another in ssl_Close(), and you'll see that there is an attempt to close an SSL socket after NSS has been shutdown. That is the why the memory shown in the stack trace is invalid.
Assignee | ||
Comment 6•23 years ago
|
||
Ian, thanks for debugging this. Conrad, Darin, looks like we need to extend what we've done in bug 104021 and bug 104020, and do the same when the application exits. I think, when application exit is initiated, "profile-change-net-teardown" should be posted (causing a synch shutdown of network activity). Do you know of a good place to add that? Could the profile manager code do that?
Assignee: ssaux → kaie
Comment 7•23 years ago
|
||
Kai, I think shutting down the profile when we exit the app would do it. Also, I think I'll need to do that anyway for a bug I'm working on now (bug 76431).
Comment 9•23 years ago
|
||
This shouldn't block 116334. This remains a P1 bug. We'll work with Conrad to make sure we do the right thing. As I understand it, this is sort of an edge case.
No longer blocks: 116334
Comment 11•23 years ago
|
||
nsbeta1- unless we get conrad fix.
Comment 12•22 years ago
|
||
WFM on Win2000 and Linux.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•