Closed Bug 157750 Opened 22 years ago Closed 22 years ago

Crash when reading certain encrypted S/Mime messages

Categories

(NSS :: Libraries, defect, P1)

x86
Linux

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: KaiE, Assigned: wtc)

Details

(Keywords: crash, Whiteboard: [ADT2 RTM])

Attachments

(2 files)

The crash might depend on my particular cert db, but I will test with a new cert
db, after importing my private key.
I only see it with one particular message.

The crash is in pk11_fastCert. An object "co" created by
nssCryptokiObject_Create contains a NULL co->label. The function tries to
execute PORT_strlen on that NULL pointer and crashes.

I'm attaching the stack trace.
Attached file Crash Stack Trace
Bob, is it normal for a nssCryptokiObject created by
nssCryptokiObject_Create to have a null "label" field?
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.6
Version: unspecified → 3.5
I tried with a fresh profile and imported my p12 file. Using it I can read the
message and do not crash.

This means this bug is about migrated profiles.

I don't believe my NSS cert database is corrupted. I have been using it for a
while, and every other operation correctly succeeds.

Unfortunately, I can't give you the cert database, as it contains my personal
private keys.
Yes, it's possible for some certs not to have a label (peer certs). That
appears to be the type of cert kaie is looking at. Why it hasn't crashed before
is a mystery to me (probably because you can dereference through a NULL pointer
on NT).

This patch should restore the expected behaviour.

bob
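The crash reported above (a string-length call on a NULL label) next to a guarded version, modeled stand-alone. This is an added example, not NSS code and not the attached patch; the struct, the function names and the `token:label` nickname format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the object in the report; not the NSS type. */
struct token_object {
    const char *token_name;
    const char *label;      /* NULL when the cert has no label (e.g. a peer cert) */
};

/* Crashing shape: strlen(NULL) is undefined behaviour, typically SIGSEGV. */
char *nickname_unchecked(const struct token_object *co)
{
    size_t len = strlen(co->token_name) + 1 + strlen(co->label) + 1;
    char *nick = malloc(len);
    if (nick != NULL)
        snprintf(nick, len, "%s:%s", co->token_name, co->label);
    return nick;
}

/* Guarded shape: no label means no nickname, so return NULL before any
 * length computation. The caller owns and frees a non-NULL result. */
char *nickname_checked(const struct token_object *co)
{
    if (co == NULL || co->token_name == NULL || co->label == NULL)
        return NULL;
    return nickname_unchecked(co);
}

/* Callers must now tolerate NULL instead of assuming a string. */
const char *display_name(const char *nick)
{
    return nick != NULL ? nick : "(no nickname)";
}

int main(void)
{
    struct token_object user = { "Example Token", "user cert" };  /* constructed */
    struct token_object peer = { "Example Token", NULL };         /* constructed */
    char *a = nickname_checked(&user);
    char *b = nickname_checked(&peer);
    printf("%s\n%s\n", display_name(a), display_name(b));
    free(a);
    free(b);
    return 0;
}
```

Returning NULL moves the obligation to every caller, so each call site that prints or compares the nickname needs the same tolerance that `display_name` shows here.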
Thanks, Bob!
This patch fixes the crash for me.
Comment on attachment 91524
Don't return a nickname if there isn't a nickname to return.

r=kaie

Obvious null check.
Attachment #91524 - Flags: review+
Comment on attachment 91524
Don't return a nickname if there isn't a nickname to return.

r=wtc. By the way, the pk11_fastCert function should
be made static because it's not used outside the
pk11cert.c file.

Kai, could you test this patch?
Yes, I tested the patch and it fixes the crash.
Nominating as a very important crash fix, as this seems to happen to some people
very often.
Whiteboard: [ADT1 RTM]
Keywords: crash
Adding adt1.0.1+ and lowering to an adt2. Please get drivers approval before
checking into the branch.
Keywords: adt1.0.1 → adt1.0.1+
Whiteboard: [ADT1 RTM] → [ADT2 RTM]
Comment on attachment 91524
Don't return a nickname if there isn't a nickname to return.

a=chofmann for 1.1a trunk and 1.0.1 branch.
Attachment #91524 - Flags: approval+
The fix has been checked into the tip, NSS_3_5_BRANCH, NSS_CLIENT_TAG,
and MOZILLA_1_0_BRANCH of NSS.

Should I add the fix1.0.1 keyword?
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: 3.6 → 3.5
Thanks for checking in. Updating keywords.
Verified 20020826 Branch build.
Status: RESOLVED → VERIFIED