Closed
Bug 1330952
Opened 7 years ago
Closed 7 years ago
Assertion failure: ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2, at ../../lib/ssl/ssl3con.c:9773
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1341002
People
(Reporter: ttaubert, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
9 bytes,
application/octet-stream
Assertion failure: ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2, at ../../lib/ssl/ssl3con.c:9773
==83716== ERROR: libFuzzer: deadly signal
    #0 0x1146947c0 in __sanitizer_print_stack_trace (/Users/tim/bin/clang-3.9/lib/clang/3.9.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x5c7c0)
    #1 0x10bbccb43 in fuzzer::Fuzzer::CrashCallback() (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10002fb43)
    #2 0x10bbccac2 in fuzzer::Fuzzer::StaticCrashSignalCallback() (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10002fac2)
    #3 0x10bc39e18 in fuzzer::CrashHandler(int, __siginfo*, void*) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10009ce18)
LLVMSymbolizer: error reading file: fat file does not contain x86_64h
    #4 0x7fff9731d529 (/usr/lib/system/libsystem_platform.dylib+0x2529)
    #5 0x114602e8a (/Users/tim/workspace/nss-code/dist/Debug/lib/libnspr4.dylib+0x185e8a)
LLVMSymbolizer: error reading file: fat file does not contain x86_64h
    #6 0x7fff988546de (/usr/lib/system/libsystem_c.dylib+0x5e6de)
    #7 0x11449febb in PR_Assert (/Users/tim/workspace/nss-code/dist/Debug/lib/libnspr4.dylib+0x22ebb)
    #8 0x1142d6b43 in ssl3_HandleCertificateVerify (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x58b43)
    #9 0x1142bcad3 in ssl3_HandlePostHelloHandshakeMessage (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x3ead3)
    #10 0x1142b77ba in ssl3_HandleHandshakeMessage (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x397ba)
    #11 0x1142c1d0e in ssl3_HandleHandshake (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x43d0e)
    #12 0x1142bdf47 in ssl3_HandleRecord (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x3ff47)
    #13 0x1142fb2bb in ssl3_GatherCompleteHandshake (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x7d2bb)
    #14 0x11430635b in ssl_GatherRecord1stHandshake (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x8835b)
    #15 0x11431131c in ssl_Do1stHandshake (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x9331c)
    #16 0x114314f8f in SSL_ForceHandshake (/Users/tim/workspace/nss-code/dist/Debug/lib/libssl3.dylib+0x96f8f)
    #17 0x10bba92d7 in LLVMFuzzerTestOneInput (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10000c2d7)
    #18 0x10bbd0b3b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x100033b3b)
    #19 0x10bbd133f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10003433f)
    #20 0x10bbaaa96 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10000da96)
    #21 0x10bbaef2d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x100011f2d)
    #22 0x10bbe4763 in main (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x100047763)
LLVMSymbolizer: error reading file: fat file does not contain x86_64h
    #23 0x7fff9df4b5ac (/usr/lib/system/libdyld.dylib+0x35ac)
NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x16,0x3,0x1,0x0,0x4,0xf,0x0,0x0,0x0,
\x16\x03\x01\x00\x04\x0f\x00\x00\x00
Reporter
Comment 1•7 years ago
INFO: MaxLen: 20000
INFO: Seed: 3948298322
INFO: Loaded 0 modules (0 guards):
../dist/Debug/bin/nssfuzz-client: Running 1 inputs 1 time(s) each.
Running: ./crash-03c0546658fa10eb13a50dbfd5fced760f0e3cb2
SSL: tracing set to 100
83810: SSL: grow buffer from 0 to 18432
83810: SSL: grow buffer from 0 to 18432
ssl3_GatherCompleteHandshake
83810: SSL3[48080]: gather state 1 (need 5 more)
83810: SSL[48080]: raw gather data: [Len: 5]
   16 03 01 00 04 .....
83810: SSL: grow buffer from 0 to 18432
83810: SSL3[48080]: gather state 2 (need 4 more)
83810: SSL[48080]: raw gather data: [Len: 4]
   0f 00 00 00 ....
83810: SSL[48080]: got record of 4 bytes
83810: SSL[-]: disabling group 19
83810: SSL[-]: disabling group 17
83810: SSL[-]: disabling group 15
83810: SSL[-]: disabling group 16
83810: SSL[-]: disabling group 1
83810: SSL[-]: disabling group 2
83810: SSL[-]: disabling group 3
83810: SSL[-]: disabling group 18
83810: SSL[-]: disabling group 4
83810: SSL[-]: disabling group 5
83810: SSL[-]: disabling group 21
83810: SSL[-]: disabling group 20
83810: SSL[-]: disabling group 6
83810: SSL[-]: disabling group 7
83810: SSL[-]: disabling group 8
83810: SSL[-]: disabling group 22
83810: SSL[-]: disabling group 9
83810: SSL[-]: disabling group 10
83810: SSL[-]: disabling group 11
83810: SSL[-]: disabling group 12
83810: SSL[-]: disabling group 13
83810: SSL[-]: disabling group 14
83810: SSL3[48080]: handle handshake message: certificate_verify (15)
83810: SSL: grow buffer from 0 to 18432
83810: SSL3[48080]: handle certificate_verify handshake
Assertion failure: ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2, at ../../lib/ssl/ssl3con.c:9773
==83810== ERROR: libFuzzer: deadly signal
    #0 0x116d517c0 in __sanitizer_print_stack_trace (/Users/tim/bin/clang-3.9/lib/clang/3.9.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x5c7c0)
    #1 0x10e28eb43 in fuzzer::Fuzzer::CrashCallback() (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10002fb43)
    #2 0x10e28eac2 in fuzzer::Fuzzer::StaticCrashSignalCallback() (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10002fac2)
    #3 0x10e2fbe18 in fuzzer::CrashHandler(int, __siginfo*, void*) (/Users/tim/workspace/nss-code/nss/../dist/Debug/bin/nssfuzz-client+0x10009ce18)
LLVMSymbolizer: error reading file: fat file does not contain x86_64h
    #4 0x7fff9731d529 (/usr/lib/system/libsystem_platform.dylib+0x2529)
NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x16,0x3,0x1,0x0,0x4,0xf,0x0,0x0,0x0,
\x16\x03\x01\x00\x04\x0f\x00\x00\x00
Reporter
Comment 2•7 years ago
ss->version is still 0 at this point because certificate_verify is the first message we see. Should we turn the assertion into something like:
> PORT_Assert(ss->version == 0 || ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2)
? Also, this isn't security sensitive as we'll bail out right below.
Group: crypto-core-security
Flags: needinfo?(ekr)
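For triage, the 9-byte crash input can be decoded by hand: it is a single handshake record whose only message is an empty certificate_verify, which is why no hello has been processed when the assertion runs. The decoder below is an added example, not NSS code; `first_msg`, `parse_first_msg` and `first_msg_precedes_hello` are hypothetical names, and it assumes the first handshake message fits wholly in the first record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 9 bytes printed at the end of the libFuzzer report in this bug. */
static const uint8_t crash_input[] = {0x16, 0x03, 0x01, 0x00, 0x04,
                                      0x0f, 0x00, 0x00, 0x00};

typedef struct {
    uint8_t content_type;    /* 22 = handshake */
    uint16_t record_version; /* version field of the record header */
    uint16_t record_len;     /* bytes following the 5-byte record header */
    uint8_t hs_type;         /* 15 = certificate_verify */
    uint32_t hs_len;         /* 24-bit handshake body length */
} first_msg;

/* Returns 0 on success, -1 if the buffer does not hold one complete
 * handshake record with a whole handshake message inside it (assumption). */
int parse_first_msg(const uint8_t *b, size_t n, first_msg *out)
{
    if (n < 5) return -1;
    out->content_type = b[0];
    out->record_version = (uint16_t)((b[1] << 8) | b[2]);
    out->record_len = (uint16_t)((b[3] << 8) | b[4]);
    if (out->content_type != 22) return -1;
    if (out->record_len < 4 || (size_t)out->record_len > n - 5) return -1;
    out->hs_type = b[5];
    out->hs_len = ((uint32_t)b[6] << 16) | ((uint32_t)b[7] << 8) | b[8];
    if (out->hs_len > (uint32_t)out->record_len - 4) return -1;
    return 0;
}

/* The protocol version is negotiated in the hello messages, so a first
 * message that is not hello_request (0), client_hello (1) or
 * server_hello (2) reaches its handler with no version negotiated. */
int first_msg_precedes_hello(const first_msg *m)
{
    return !(m->hs_type == 0 || m->hs_type == 1 || m->hs_type == 2);
}

int main(void)
{
    first_msg m;
    if (parse_first_msg(crash_input, sizeof crash_input, &m) != 0) return 1;
    printf("record: type=%u version=0x%04x len=%u\n", (unsigned)m.content_type,
           (unsigned)m.record_version, (unsigned)m.record_len);
    printf("handshake: type=%u len=%u precedes_hello=%d\n", (unsigned)m.hs_type,
           (unsigned)m.hs_len, first_msg_precedes_hello(&m));
    return 0;
}
```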
Reporter
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Reporter
Updated•7 years ago
Flags: needinfo?(ekr)