NSS3.4 RC2 crashes when CERT_VerifyCertNow is called

RESOLVED FIXED in 3.4.2

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: miodrag, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [adt2 RTM])

Attachments

(3 attachments)

(Reporter)

Description

15 years ago
Using AS with new NSS3.4 RC2. Trying to install a new cerificate and the 
security CGI crashes in NSS. The call stack is  

  [1] nssTrustDomain_GetCertsForSubjectFromCache(td = (nil), subject = 0xecb24, 
certListOpt = 0xeeff8), line 845 in "tdcache.c"
  [2] NSSTrustDomain_FindCertificatesBySubject(td = (nil), subject = 0xecb24, 
rvOpt = (nil), maximumOpt = 0, arenaOpt = (nil)), line 675 in "trustdomain.c"
  [3] find_issuer_cert_for_identifier(c = 0xecaf0, id = 0xeb858), line 307 in 
"certificate.c"
  [4] NSSCertificate_BuildChain(c = 0xecaf0, timeOpt = 0xeb828, usage = 
0xffbef1b0, policiesOpt = (nil), rvOpt = 0xffbef1a4, rvLimit = 2U, arenaOpt = 
(nil), statusOpt = 0xffbef1a0), line 356 in "certificate.c"
  [5] CERT_FindCertIssuer(cert = 0xe8840, validTime = 1018057399953784LL, usage 
= certUsageSSLServer), line 409 in "certvfy.c"
  [6] CERT_VerifyCertChain(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = 
(nil)), line 702 in "certvfy.c"
  [7] CERT_VerifyCert(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage 
= certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 
1138 in "certvfy.c"
  [8] CERT_VerifyCertNow(handle = 0xdd688, cert = 0xe8840, checkSig = 1, 
certUsage = certUsageSSLServer, wincx = (nil)), line 1179 in "certvfy.c"
  [9] printCertUsageInfo(description = 0x5417f "^I^I<SSLServer></SSLServer>\n", 
usage = certUsageSSLServer, cert = 0xe8840), line 356 in "security.c"
=>[10] printCert(cert = 0xe8840, key = (nil), detail = 0xffbef9c0, 
forcePrint_CertType = 0x546a9 "SERVER"), line 531 in "security.c"
  [11] installCertificate(tokenName = 0xbb300 "internal (software)", certname = 
(nil)), line 1177 in "security.c"
  [12] main(argc = 1, argv = 0xffbefb1c), line 2132 in "security.c"

The same behavior is both on NT and Solaris 2.8.

Bob Relyea has looked at the problem and recognized a NSS bug. He says there is 
no workaround for this and NSS needs to be fixed.
(Reporter)

Updated

15 years ago
Priority: -- → P1

Comment 1

15 years ago
Assigned the bug to Bob.  Target NSS 3.4.1.
Assignee: wtc → relyea
Target Milestone: --- → 3.4.1
(Reporter)

Comment 2

15 years ago
The problem seems to be with the CERT_ImportCerts() call. It creates a cert 
without the nickname.
OS: Windows 2000 → All
(Assignee)

Comment 3

15 years ago
Actually it creates a cert without lots of things. In this case without a
CERTDBHandle (Trust domain).

Comment 4

15 years ago
Bob,

It looks to me like CERT_ImportCerts should be calling CERT_NewTempCertificate
if keepCert == PR_FALSE.  Is that correct?
(Assignee)

Comment 5

15 years ago
Yup, that's the bug. It's a pretty easy fix.

Comment 6

15 years ago
Created attachment 78449 [details] [diff] [review]
call CERT_NewTemp

CERT_ImportCerts was changed from 3.3 to not call CERT_NewTempCertificate. 
When keepCerts == PR_FALSE, I believe that is the correct call.  Here is my
proposed patch (I don't have the test case).
(Assignee)

Comment 7

15 years ago
Comment on attachment 78449 [details] [diff] [review]
call CERT_NewTemp

This is precisely the patch I had in mind. Approved.
Attachment #78449 - Flags: review+

Comment 8

15 years ago
checked in to tip.

Comment 9

15 years ago
Created attachment 81047 [details] [diff] [review]
New patch

This patch is the fix that is currently in the tip.  Bob
suggested that we check in this fix on the NSS_3_4_BRANCH.

Bob, Ian, please review this new patch.

Comment 10

15 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee

Updated

15 years ago
Attachment #81047 - Flags: review+

Comment 11

15 years ago
Created attachment 81161 [details] [diff] [review]
additional patch needed for 3.4 branch

This change is also needed on the branch.  Checked in.

Comment 12

15 years ago
*** Bug 140338 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 13

15 years ago
Ok, this is checked in on the tip and in NSS 3.4.2 Beta 1
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED

Comment 14

15 years ago
Set target milestone to NSS 3.4.2.
Target Milestone: 3.4.1 → 3.4.2

Updated

15 years ago
Blocks: 145836

Comment 15

15 years ago
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in
asap. thanks! 
Keywords: adt1.0.1+, mozilla1.0.1, nsbeta1+
Whiteboard: [adt2 RTM]

Updated

15 years ago
Keywords: adt1.0.1+, mozilla1.0.1 → fixed1.0.1
You need to log in before you can comment on or make changes to this bug.