Closed Bug 1497258 Opened 7 years ago Closed 7 years ago

Failing MOZ_ASSERT((tempRV != Success) || ocspResponse.length() > 0); in NSSCertDBTrustDomain::CheckRevocation

Categories

(Core :: Security: PSM, defect, P1)

Tracking

RESOLVED FIXED
mozilla64
Tracking Status
firefox64 --- fixed

People

(Reporter: mayhemer, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Note that this happens with socket process isolation patches (larch project branch) and patch from bug 1484751 applied. In the log I can also see another request being made to this host (apparently another OCSP request) with a 400 response: https://www.janbambas.cz/moz/logan/?https%3A//www.janbambas.cz/moz/logs/1497258.log#%7B%22show%22%3A%5B%7B%22name%22%3A%22nsHttpTransaction%22%2C%22on%22%3A11%2C%22clr%22%3A%22%23bebada%22%7D%5D%7D Hence, we may be sending something wrong in the request POST data as the socket process isolation patches are pretty much work in progress.
In reimplementing the OCSP fetching code in bug 1456489, we improperly translated an assertion that relied on the nullness of a pointer to rely on the length of a data structure that was populated by reference. It turns out that this made the assertion invalid because we could return a successful result and have filled the data structure with zero-length data and it still would be valid to operate on (the decoding code returns a malformed input result in this case). To fix this, we can simply remove the assertion. This patch also adds a test to exercise this case.
Assignee: nobody → dkeeler
Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9efc67c28c94 remove unsound OCSP assertion from NSSCertDBTrustDomain::CheckRevocation r=mayhemer
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
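
The following is an added illustration, not code from the patch or from Firefox: a simplified model of why an assertion that was sound as a pointer null check becomes unsound once it is rewritten as a length check on a buffer filled by reference. All type and function names are hypothetical, and the decoder is a stand-in that only checks for a leading DER SEQUENCE tag.

```cpp
#include <cstdint>
#include <vector>

// Simplified model; every name below is hypothetical.
enum class Result { Success, NetworkFailure, MalformedInput };
using Bytes = std::vector<uint8_t>;

// Pointer form: null means "no response object", so "success implies
// non-null" holds even when the response body is empty.
bool pointerInvariantHolds(Result rv, const Bytes* response) {
  return rv != Result::Success || response != nullptr;
}

// Length form, as in the bug title: "success implies length > 0" is a
// claim about bytes the remote responder controls, so it can be false.
bool lengthInvariantHolds(Result rv, const Bytes& response) {
  return rv != Result::Success || response.size() > 0;
}

// Fetch stand-in: the transfer completes and copies whatever arrived,
// including nothing at all, into the caller's buffer.
Result fetchResponse(const Bytes& wire, Bytes& out) {
  out = wire;
  return Result::Success;
}

// Decoder stand-in: empty input is rejected like any other bad input.
Result decodeResponse(const Bytes& response) {
  if (response.empty()) return Result::MalformedInput;
  return response[0] == 0x30 ? Result::Success : Result::MalformedInput;
}

// Flow without the assertion: the decoder's result decides the outcome,
// so a zero-length response is an ordinary error path, not a crash.
Result checkRevocation(const Bytes& wire) {
  Bytes response;
  Result rv = fetchResponse(wire, response);
  if (rv != Result::Success) return rv;
  return decodeResponse(response);
}
```
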