Closed Bug 1397833 Opened 7 years ago Closed 7 years ago

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Invalid key exchange group.) in nsNSSCallbacks.cpp:859

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: franziskus)

References

Details

Attachments

(1 file)

(Wasn't sure if this belonged in nss, PSM, or something else)

Reproducible for me 100%, STR:

- Build nightly from hg (3c96d611ebd6)
- ./mach run
- Browse to badssl.com/dashboard/

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Invalid key exchange group.), at /Users/agaynor/projects/mozilla-central/security/manager/ssl/nsNSSCallbacks.cpp:859
#01: CanFalseStartCallback(PRFileDesc*, void*, int*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x435c3f6]
#02: ssl3_CheckFalseStart[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x1eba5c]
#03: ssl3_AuthCertificateComplete[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x1eb687]
#04: SSL_AuthCertificateComplete[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x202a7b]
#05: nsNSSSocketInfo::SetCertVerificationResult(int, mozilla::psm::SSLErrorMessageType)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x437a614]
#06: mozilla::psm::(anonymous namespace)::SSLServerCertVerificationResult::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x4347b1a]
#07: nsThread::ProcessNextEvent(bool, bool*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x137622]
#08: NS_ProcessNextEvent(nsIThread*, bool)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x13a0b0]
#09: mozilla::net::nsSocketTransportService::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x23ced4]
[Child 76845] WARNING: We've already scheduled a task for background list flush.: file /Users/agaynor/projects/mozilla-central/parser/html/nsHtml5TreeOpExecutor.cpp, line 283
#10: non-virtual thunk to mozilla::net::nsSocketTransportService::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x23dc9d]
#11: nsThread::ProcessNextEvent(bool, bool*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x137622]
#12: NS_ProcessNextEvent(nsIThread*, bool)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x13a0b0]
#13: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x6d1642]
#14: MessageLoop::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x683743]
#15: nsThread::ThreadFunc(void*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x134a36]
#16: _pt_root[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x14a8ca]
#17: _pthread_body[/usr/lib/system/libsystem_pthread.dylib +0x393b]
#18: _pthread_body[/usr/lib/system/libsystem_pthread.dylib +0x3887]
Narrowed it down to dh1024.badssl.com which specifically causes the crash.
Franziskus, can you have a look?
Blocks: 1304923
Flags: needinfo?(franziskuskiefer)
Hm, I can't reproduce this but I can imagine where's it's coming from. I'll move this function into NSS soon to avoid any problems like this.
Flags: needinfo?(franziskuskiefer)
Assignee: nobody → franziskuskiefer
Comment on attachment 8905856 [details]
Bug 1397833 - don't assert on custom groups,

https://reviewboard.mozilla.org/r/177666/#review182830

lgtm with minor nits

::: commit-message-af5f4:1
(Diff revision 1)
> +Bug 1397833 - don't assert on custom groups, r?keeler

nit: maybe a bit more detail that this is specific to tls key exchange groups

::: devtools/client/locales/en-US/netmonitor.properties:775
(Diff revision 1)
>  # LOCALIZATION NOTE (netmonitor.security.keaGroup.none): This is the label
>  # displayed in the security tab describing the case when no group was used.
>  netmonitor.security.keaGroup.none=none
>  
> +# LOCALIZATION NOTE (netmonitor.security.keaGroup.custom): This is the label
> +# displayed in the security tab describing the case when no group was used.

s/no groups/a custom group/
Attachment #8905856 - Flags: review?(dkeeler) → review+
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f13d106fc678
don't assert on custom TLS key-exchange groups, r=keeler
https://hg.mozilla.org/mozilla-central/rev/f13d106fc678
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.