Closed Bug 135871 Opened 19 years ago Closed 19 years ago

NSS3.4 RC2 crashes when CERT_VerifyCertNow is called


(NSS :: Libraries, defect, P1)



(Not tracked)



(Reporter: miodrag, Assigned: rrelyea)



(Whiteboard: [adt2 RTM])


(3 files)

Using AS with new NSS3.4 RC2. Trying to install a new cerificate and the 
security CGI crashes in NSS. The call stack is  

  [1] nssTrustDomain_GetCertsForSubjectFromCache(td = (nil), subject = 0xecb24, 
certListOpt = 0xeeff8), line 845 in "tdcache.c"
  [2] NSSTrustDomain_FindCertificatesBySubject(td = (nil), subject = 0xecb24, 
rvOpt = (nil), maximumOpt = 0, arenaOpt = (nil)), line 675 in "trustdomain.c"
  [3] find_issuer_cert_for_identifier(c = 0xecaf0, id = 0xeb858), line 307 in 
  [4] NSSCertificate_BuildChain(c = 0xecaf0, timeOpt = 0xeb828, usage = 
0xffbef1b0, policiesOpt = (nil), rvOpt = 0xffbef1a4, rvLimit = 2U, arenaOpt = 
(nil), statusOpt = 0xffbef1a0), line 356 in "certificate.c"
  [5] CERT_FindCertIssuer(cert = 0xe8840, validTime = 1018057399953784LL, usage 
= certUsageSSLServer), line 409 in "certvfy.c"
  [6] CERT_VerifyCertChain(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = 
(nil)), line 702 in "certvfy.c"
  [7] CERT_VerifyCert(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage 
= certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 
1138 in "certvfy.c"
  [8] CERT_VerifyCertNow(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, wincx = (nil)), line 1179 in "certvfy.c"
  [9] printCertUsageInfo(description = 0x5417f "^I^I<SSLServer></SSLServer>\n", 
usage = certUsageSSLServer, cert = 0xe8840), line 356 in "security.c"
=>[10] printCert(cert = 0xe8840, key = (nil), detail = 0xffbef9c0, 
forcePrint_CertType = 0x546a9 "SERVER"), line 531 in "security.c"
  [11] installCertificate(tokenName = 0xbb300 "internal (software)", certname = 
(nil)), line 1177 in "security.c"
  [12] main(argc = 1, argv = 0xffbefb1c), line 2132 in "security.c"

The same behavior is both on NT and Solaris 2.8.

Bob Relyea has looked at the problem and recognized a NSS bug. He says there is 
no workaround for this and NSS needs to be fixed.
Priority: -- → P1
Assigned the bug to Bob.  Target NSS 3.4.1.
Assignee: wtc → relyea
Target Milestone: --- → 3.4.1
The problem seems to be with the CERT_ImportCerts() call. It creates a cert 
without the nickname.
OS: Windows 2000 → All
Actually it creates a cert without lots of things. In this case without a
CERTDBHandle (Trust domain).

It looks to me like CERT_ImportCerts should be calling CERT_NewTempCertificate
if keepCert == PR_FALSE.  Is that correct?
Yup, that's the bug. It's a pretty easy fix.
CERT_ImportCerts was changed from 3.3 to not call CERT_NewTempCertificate. 
When keepCerts == PR_FALSE, I believe that is the correct call.  Here is my
proposed patch (I don't have the test case).
Comment on attachment 78449 [details] [diff] [review]
call CERT_NewTemp

This is precisely the patch I had in mind. Approved.
Attachment #78449 - Flags: review+
checked in to tip.
Attached patch New patchSplinter Review
This patch is the fix that is currently in the tip.  Bob
suggested that we check in this fix on the NSS_3_4_BRANCH.

Bob, Ian, please review this new patch.
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Attachment #81047 - Flags: review+
This change is also needed on the branch.  Checked in.
*** Bug 140338 has been marked as a duplicate of this bug. ***
Ok, this is checked in on the tip and in NSS 3.4.2 Beta 1
Closed: 19 years ago
Resolution: --- → FIXED
Set target milestone to NSS 3.4.2.
Target Milestone: 3.4.1 → 3.4.2
Blocks: 145836
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in
asap. thanks! 
Whiteboard: [adt2 RTM]
You need to log in before you can comment on or make changes to this bug.