Closed Bug 122261 Opened 23 years ago Closed 23 years ago

Assertion failed for certificate without e-mailAddr data

Categories

(Core Graveyard :: Security: UI, defect, P2)

Other Branch
x86
Linux
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.2

People

(Reporter: erl, Assigned: KaiE)

Attachments

(2 files)

I am experimenting with signing E-mails using a certificate from my Internet bank. I sent a signed E-mail to myself. When I open it in Mozilla mail, I get an assertion: Assertion failure: emailAddr, at pcertdb.c:6860. Using gdb, I looked at the certificate, and it looks OK. However its emailAddr field is NULL. I think this is correct, that is, the certificate does not contain my e-mail address. Whatever Mozilla's behaviour should be, it shouldn't crash!
kai
Assignee: ssaux → kaie
Priority: -- → P2
Target Milestone: --- → 2.2
Bob, Julien, CERT_SaveSMimeProfile has PORT_Assert(emailAddr), which causes this crash. What do you prefer, should we remove that assertion (and just return if there is no address), or should the application assure the availability of an email address prior to calling NSS_SMIMESignerInfo_SaveSMIMEProfile?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Should I fix that assertion failure inside NSS by adding checks to PSM?
In the routine that crashed, I don't see an assertion anymore. It seems that code has been removed. Not sure what the new behaviour is, i.e. whether it still crashes: Erland, FYI: We landed a new version of the internal crypto libraries a few days ago. Could you please help us, grab a Mozilla nightly build, and see whether you still crash? As the assertion has been removed, I'm marking this invalid. Erland, please reopen the bug if you still crash. Thanks.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
I now get the following assertion: Assertion failure: emailAddr, at stanpcertdb.c:688. I believe this line has moved to #698 in stanpcertdb.c. I hope it's ok to keep this bug instead of creating a new one.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
NSS?
Kai, I think the assertion PORT_Assert(emailAddr) in CERT_SaveSMimeProfile() should be removed. Bob, do you agree? Although PSM checks the return value of NSS_SMIMESignerInfo_SaveSMIMEProfile(), it merely logs a debug message and still returns NS_OK if that function fails. Is that the right thing?
Yes we should remove the assert. We shouldn't crash on a malformed S/MIME message, and we particularly should crash on a message that's well formed, but missing the email address. We, of course, should not verify the signature (at least without some other way to bind the email address to the certificate). I think it's OK for PSM to quietly fail to save the S/MIME profile. A noisy failure could be more annoying, especially since this operation happens as a side effect of reading the email. bob
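The behaviour agreed on in the comments above, as an added example that is not part of the bug thread and is not NSS or PSM code: a profile-save routine reports a missing e-mail address as an ordinary failure instead of asserting, and the caller treats that failure as non-fatal while recording that the certificate is not bound to a sender address. All `demo_*` names, the enums and the structs are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not NSS types or functions. */
typedef enum { PROFILE_SAVED = 0, PROFILE_SKIPPED = -1 } profile_status;
typedef enum { SIG_BOUND_TO_SENDER, SIG_NO_ADDRESS_BINDING } sig_binding;

typedef struct {
    const char *subject;
    const char *emailAddr;   /* NULL when the certificate carries no address */
} demo_cert;

typedef struct {
    char email[64];
    int  used;
} demo_profile_db;

/* Certificate contents arrive in mail from anyone, so a missing address is
 * an input condition to report, not an invariant to assert on. */
profile_status demo_save_smime_profile(demo_profile_db *db, const demo_cert *cert)
{
    if (db == NULL || cert == NULL || cert->emailAddr == NULL ||
        cert->emailAddr[0] == '\0' ||
        strlen(cert->emailAddr) >= sizeof db->email) {
        return PROFILE_SKIPPED;          /* no key to store the profile under */
    }
    strcpy(db->email, cert->emailAddr);  /* length checked above */
    db->used = 1;
    return PROFILE_SAVED;
}

/* Caller: saving the profile is a side effect of reading mail, so a failure
 * is non-fatal; it only means the certificate is not tied to a sender address. */
sig_binding demo_handle_signed_message(demo_profile_db *db, const demo_cert *cert)
{
    if (demo_save_smime_profile(db, cert) != PROFILE_SAVED) {
        return SIG_NO_ADDRESS_BINDING;   /* quiet failure, message still opens */
    }
    return SIG_BOUND_TO_SENDER;
}
```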
Comment on attachment 71824 [details] [diff] [review] Remove the unnecessary assertion in CERT_SaveSMimeProfile. I agree to all previous comments. r=kaie
Attachment #71824 - Flags: review+
Blocks: 128593
Comment on attachment 71824 [details] [diff] [review] Remove the unnecessary assertion in CERT_SaveSMimeProfile. I checked this patch into the tip of NSS. I am going to get drivers' approval to get this fix into the NSS_CLIENT_TAG.
Comment on attachment 71824 [details] [diff] [review] Remove the unnecessary assertion in CERT_SaveSMimeProfile. This patch has been checked into the NSS_CLIENT_TAG of NSS. I think you can mark this bug fixed now.
Marking fixed. Erland, tomorrow's build should work. If it does, can you please give feedback? Thanks!
Status: REOPENED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Super, the crashes are gone. Thanks for your efforts. A question though: How should I be informed that the message was signed? In the normal mail view (message under list of messages in the mailbox), with a collapsed 'headers' pane, I see no indication that the message is signed at all. If I expand the headers pane, I do see a "<signed>" at the far right opposite the "Received:" header. I also see that the Contents-Type: says: Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020804000300050303040507" (However, the signature is not presented as an attachment). I can also select "View Message Security Info", and I properly see that the message is signed. So, what I'm wondering is if I shouldn't be seeing some kind of icon to indicate that the message was signed (and the status of signature verification) in the collapsed-headers view.
Status: RESOLVED → VERIFIED
Erland, thanks for pointing this out, we'll include some status on the status bar.
Product: PSM → Core
Product: Core → Core Graveyard