Closed Bug 1696579 Opened 5 years ago Closed 5 years ago

Authenticode Signatures are broken in crash-stats

Categories

(Toolkit :: Crash Reporting, defect)

Unspecified
Windows
defect

Tracking

RESOLVED FIXED
89 Branch
Tracking Status
firefox89 --- fixed

People

(Reporter: bugzilla, Assigned: gsvelto)

Attachments

(1 file)

Suppose an injected DLL modifies xul.dll in some way such that xul.dll later crashes.

Because of the changes made in bug 1649443, the resulting crash report will not contain information such as the injected DLL's authenticode signature, since the DLL was not actually present on the call stack.

As an example, the modules tab in this crash report only includes the signature for xul.dll.

Flags: needinfo?(gsvelto)

Bug 1649443 only changed the list of modules that are included in crash pings; it did not change how we handle crash reports sent to crash-stats. I don't know how the "Signed By" field is populated, but my guess is that this comes from the minidump_stackwalk tool, so I'll check that out next week and see why it's not showing signatures for those DLLs.

Flags: needinfo?(gsvelto)
Keywords: regression
No longer regressed by: 1649443

This is a regression caused by that bug. The signatures are pulled in minidump-stackwalk by walking that list of modules that is now being filtered by bug 1649443.

That's another stack walker. Bug 1649443 changed the minidump-analyzer tool that we ship with Firefox and run on the client to generate the stack trace for the crash ping. What we use on Socorro is minidump-stackwalk and it's built from these sources. For added confusion, what gets installed on your machine by the bootstrap step is called minidump_stackwalk and it's built from these sources in mozilla-central.

This mess is an historical artifact and we have bug 1487410 on file to try and replace all different stack walkers with just one. In my defense I must say that we used to have a fourth stack walker for automation but now we're down to "just" three.

Oh wait, now I get it, we don't extract the signatures on Socorro, we extract them locally and we do it in minidump-analyzer. I'll pick this up to fix it.

Assignee: nobody → gsvelto
Status: NEW → ASSIGNED

While writing the fix for this bug and for bug 1702043 I realized we could also include the signatures for the unloaded modules. WDYT? Would that be useful?

Flags: needinfo?(aklotz)

Yeah, if we're including unloaded modules in the report, let's pull their signatures too!

Flags: needinfo?(aklotz)

This fixes the regression introduced with bug 1649443 and also includes
signatures from unloaded modules.

Pushed by gsvelto@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/da760935080d Store all authenticode signatures when analyzing a minidump r=KrisWright
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch