Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Invalid key exchange group.) in nsNSSCallbacks.cpp:859

RESOLVED FIXED in Firefox 57

Status

()

Core
Security: PSM
RESOLVED FIXED
11 months ago
11 months ago

People

(Reporter: Alex_Gaynor, Assigned: fkiefer)

Tracking

Trunk
mozilla57
Points:
---

Firefox Tracking Flags

(firefox57 fixed)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Reporter)

Description

11 months ago
(Wasn't sure if this belonged in nss, PSM, or something else)

Reproducible for me 100%, STR:

- Build nightly from hg (3c96d611ebd6)
- ./mach run
- Browse to badssl.com/dashboard/

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Invalid key exchange group.), at /Users/agaynor/projects/mozilla-central/security/manager/ssl/nsNSSCallbacks.cpp:859
#01: CanFalseStartCallback(PRFileDesc*, void*, int*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x435c3f6]
#02: ssl3_CheckFalseStart[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x1eba5c]
#03: ssl3_AuthCertificateComplete[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x1eb687]
#04: SSL_AuthCertificateComplete[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x202a7b]
#05: nsNSSSocketInfo::SetCertVerificationResult(int, mozilla::psm::SSLErrorMessageType)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x437a614]
#06: mozilla::psm::(anonymous namespace)::SSLServerCertVerificationResult::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x4347b1a]
#07: nsThread::ProcessNextEvent(bool, bool*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x137622]
#08: NS_ProcessNextEvent(nsIThread*, bool)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x13a0b0]
#09: mozilla::net::nsSocketTransportService::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x23ced4]
[Child 76845] WARNING: We've already scheduled a task for background list flush.: file /Users/agaynor/projects/mozilla-central/parser/html/nsHtml5TreeOpExecutor.cpp, line 283
#10: non-virtual thunk to mozilla::net::nsSocketTransportService::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x23dc9d]
#11: nsThread::ProcessNextEvent(bool, bool*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x137622]
#12: NS_ProcessNextEvent(nsIThread*, bool)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x13a0b0]
#13: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x6d1642]
#14: MessageLoop::Run()[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x683743]
#15: nsThread::ThreadFunc(void*)[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/XUL +0x134a36]
#16: _pt_root[/Users/agaynor/projects/mozilla-central/obj-x86_64-apple-darwin16.7.0/dist/NightlyDebug.app/Contents/MacOS/libnss3.dylib +0x14a8ca]
#17: _pthread_body[/usr/lib/system/libsystem_pthread.dylib +0x393b]
#18: _pthread_body[/usr/lib/system/libsystem_pthread.dylib +0x3887]
(Reporter)

Comment 1

11 months ago
Narrowed it down to dh1024.badssl.com which specifically causes the crash.
Franziskus, can you have a look?
Blocks: 1304923
Flags: needinfo?(franziskuskiefer)
Comment hidden (mozreview-request)
Hm, I can't reproduce this but I can imagine where's it's coming from. I'll move this function into NSS soon to avoid any problems like this.
Flags: needinfo?(franziskuskiefer)
Assignee: nobody → franziskuskiefer

Comment 5

11 months ago
mozreview-review
Comment on attachment 8905856 [details]
Bug 1397833 - don't assert on custom groups,

https://reviewboard.mozilla.org/r/177666/#review182830

lgtm with minor nits

::: commit-message-af5f4:1
(Diff revision 1)
> +Bug 1397833 - don't assert on custom groups, r?keeler

nit: maybe a bit more detail that this is specific to tls key exchange groups

::: devtools/client/locales/en-US/netmonitor.properties:775
(Diff revision 1)
>  # LOCALIZATION NOTE (netmonitor.security.keaGroup.none): This is the label
>  # displayed in the security tab describing the case when no group was used.
>  netmonitor.security.keaGroup.none=none
>  
> +# LOCALIZATION NOTE (netmonitor.security.keaGroup.custom): This is the label
> +# displayed in the security tab describing the case when no group was used.

s/no groups/a custom group/
Attachment #8905856 - Flags: review?(dkeeler) → review+

Comment 6

11 months ago
This reproduced in bughunter and locally on Fedora 26 with:
https://football24.ua/vidbir_yevro_2019_u_21_andorra__ukrayina__06__video_goliv_i_oglyad_matchu_n404369/

Comment 7

11 months ago
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f13d106fc678
don't assert on custom TLS key-exchange groups, r=keeler

Comment 8

11 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/f13d106fc678
Status: NEW → RESOLVED
Last Resolved: 11 months ago
status-firefox57: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.