Closed Bug 164373 Opened 22 years ago Closed 22 years ago

Softoken crashes looking up large CRL

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: julien.pierre, Assigned: rrelyea)

References

Details

Attachments

(1 file, 1 obsolete file)

Same patch with WTC's comments
733 bytes, patch
wtc
: review+
Details | Diff | Splinter Review 
This is happening on the NSS 3.6 tip when doing a cert verification. The lookup
of the CRL causes a crash. I believe the regression occurred in the past 2 or 3
days. It might be a result of the memory leak fix.

On Solaris I could only reproduce it in the debug build. On OS/2 it happens on
the debug build too, and is reproducible evrey time. Here is the stack.
I thought I had a bug in my CRL cache code that caused the crash in my optimized
build last night - but it appears to be something else in softoken instead.

 Function                          | Part            
-----------------------------------+-----------------
 strlen                            | cpprmi36.dll:2  
 pk11_FindTokenAttribute           | PKCS11U.OBJ     
 pk11_FindAttribute                | PKCS11U.OBJ     
 NSC_GetAttributeValue             | PKCS11.OBJ      
 nssCKObject_GetAttributes         | CKHELPER.OBJ    
 nssCryptokiCRL_GetAttributes      | CKHELPER.OBJ    
 nssCRL_Create                     | CERTIFICATE.OBJ 
 crl_createObject                  | PKIBASE.OBJ     
 nssPKIObjectCollection_GetObjects | PKIBASE.OBJ     
 nssPKIObjectCollection_GetCRLs    | PKIBASE.OBJ     
 nssTrustDomain_FindCRLsBySubject  | TRUSTDOMAIN.OBJ 
 PK11_FindCrlByName                | PK11CERT.OBJ    
 SEC_FindCrlByKeyOnSlot            | CRL.OBJ         
 SEC_FindCrlByName                 | CRL.OBJ         
 SEC_CheckCRL                      | CERTVFY.OBJ     
 cert_VerifyCertChain              | CERTVFY.OBJ     
 CERT_VerifyCertificate            | CERTVFY.OBJ     
 ValidateCert                      | CERTUTIL.OBJ    
 main                              | CERTUTIL.OBJ    
 _start                            | EXESTRTI        
 0x1C04C183                        | DOSCALL1.DLL:4
Priority: -- → P1
Target Milestone: --- → 3.6
Assigned the bug to Bob.
Assignee: wtc → relyea
I have confirmed that this is due to the recent code changes - doing a "cvs
update -D 08/20/2002" in the softoken directory fixes the problem (although it
also restores the memory leak).
Depends on: 160635
The new patch moved retreiving the URL from a specific call to retrieve it to
pulling it out of the stored data entry structure.

The can happen in any case where you store the CRL without a URL. If you have a
URL, then in the causes where the previous code succeeded, fetching the URL
would fail.
Comment on attachment 96685 [details] [diff] [review]
Check crl->url, not a random uninitialzed variable .

Bob,

With this patch, 'url' becomes an unused
variable and should be removed.
Attachment #96685 - Flags: needs-work+
Yes, A better warning should have been 'this variable is uninitialized' before
the patch;).

bob

        Attachment #96685 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 96728 [details] [diff] [review]
Same patch with WTC's comments

r=wtc.

        Attachment #96728 -
        Flags: review+

    
    

    
  
Thanks, Bob. This latest patch resolved the problem.


    
    

    
  
patch fixed the problem
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: