Closed Bug 1765763 Opened 3 years ago Closed 3 years ago

Crash in [@ nss_builtins_FindObjectsInit | builtins_mdSession_FindObjectsInit]

Categories

(NSS :: Libraries, defect)

x86
Windows 10
defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: wsmwk, Unassigned)

Details

(Keywords: crash, Whiteboard: [rare])

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/6d360181-89a5-4b57-b09e-14e9c0220419

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 nssckbi.dll nss_builtins_FindObjectsInit security/nss/lib/ckfw/builtins/bfind.c:216
1 nssckbi.dll builtins_mdSession_FindObjectsInit security/nss/lib/ckfw/builtins/bsession.c:26
2 nssckbi.dll nssCKFWSession_FindObjectsInit security/nss/lib/ckfw/session.c:1594
3 nssckbi.dll NSSCKFWC_FindObjectsInit security/nss/lib/ckfw/wrap.c:2476
4 nssckbi.dll builtinsC_FindObjectsInit security/nss/lib/ckfw/nssck.api:681
5 nss3.dll pk11_FindObjectsByTemplate security/nss/lib/pk11wrap/pk11obj.c:1865
6 nss3.dll PK11_InitToken security/nss/lib/pk11wrap/pk11slot.c:1388
7 nss3.dll PK11_InitSlot security/nss/lib/pk11wrap/pk11slot.c:1569
8 nss3.dll secmod_LoadPKCS11Module security/nss/lib/pk11wrap/pk11load.c:604
9 nss3.dll SECMOD_LoadModule security/nss/lib/pk11wrap/pk11pars.c:1946

Barely exists. Now as signature memcmp | nsslibc_memequal | nss_builtins_FindObjectsInit | builtins_mdSession_FindObjectsInit

bp-db2b209e-f785-471d-8fd9-ba1f00220817

Is this worth keeping / tracking?

Severity: S2 → S4
Flags: needinfo?(kaie)
Whiteboard: [rare]

According to the stack, the crash isn't in Thunderbird-specific code. It looks like it's in the socket transport, probably related to a TLS connection.

NSS team, are you aware of this crash, do you want to track it?

Assignee: nobody → nobody
Group: mail-core-security → crypto-core-security
Component: Security → Libraries
Flags: needinfo?(kaie)
Product: Thunderbird → NSS
Version: Thunderbird 91 → other

Seen with ESR 102.1.2

Since PK11_InitToken is in the stack, we can infer that the pk11_FindObjectsByTemplate call is in pk11_ReadProfileList. This function searches a PKCS#11 token for an object with a fixed set of attributes. In this case, it's searching the builtin roots token, so it's searching over a read-only data segment of a shared library. This code is executed unconditionally every time the builtins module is loaded, and there's no user-controlled data in play, so this isn't a sec-bug.

The report linked in comment 1 has crash reason "EXCEPTION_IN_PAGE_ERROR_READ / STATUS_UNEXPECTED_NETWORK_ERROR". So I think the user has stored libnssckbi on network media that has gone away during the search.

Group: crypto-core-security
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
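
An added illustration, not part of the bug thread and not NSS code: a simplified C model of the template search described in the last comment, where a fixed attribute template is compared with `memcmp` against objects stored as constant data inside the module. All type names, function names and object values are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of a PKCS#11 template search over a built-in token.
   All names and values are hypothetical/constructed, not NSS's. */
typedef struct { unsigned long type; const void *value; size_t len; } attr_t;
typedef struct { const attr_t *attrs; size_t n_attrs; } object_t;
enum { ATTR_CLASS, ATTR_TOKEN };

/* Constructed objects: const data that lives in the module's read-only image. */
static const unsigned long CLASS_CERT = 1, CLASS_PROFILE = 9;
static const unsigned char TOKEN_TRUE = 1;
static const attr_t cert_attrs[] = {
    { ATTR_CLASS, &CLASS_CERT, sizeof CLASS_CERT },
    { ATTR_TOKEN, &TOKEN_TRUE, sizeof TOKEN_TRUE },
};
static const attr_t profile_attrs[] = {
    { ATTR_CLASS, &CLASS_PROFILE, sizeof CLASS_PROFILE },
    { ATTR_TOKEN, &TOKEN_TRUE, sizeof TOKEN_TRUE },
};
static const object_t builtin_objects[] = { { cert_attrs, 2 }, { profile_attrs, 2 } };

/* An object matches when every template attribute equals one of its own. */
static int object_matches(const object_t *o, const attr_t *tmpl, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int found = 0;
        for (size_t j = 0; j < o->n_attrs && !found; j++) {
            const attr_t *a = &o->attrs[j];
            /* memcmp reads a->value straight from the read-only table; the
               only caller-side input is the template, and that is fixed too. */
            found = a->type == tmpl[i].type && a->len == tmpl[i].len &&
                    memcmp(a->value, tmpl[i].value, a->len) == 0;
        }
        if (!found) return 0;
    }
    return 1;
}

/* Count token objects of one class; the template is built by the caller's code. */
size_t find_by_class(unsigned long cls) {
    const attr_t tmpl[] = { { ATTR_CLASS, &cls, sizeof cls },
                            { ATTR_TOKEN, &TOKEN_TRUE, sizeof TOKEN_TRUE } };
    size_t hits = 0;
    for (size_t i = 0; i < sizeof builtin_objects / sizeof builtin_objects[0]; i++)
        hits += (size_t)object_matches(&builtin_objects[i], tmpl, 2);
    return hits;
}

int main(void) {
    printf("profile objects: %zu\n", find_by_class(CLASS_PROFILE));
}
```

Both `memcmp` operands here are constants compiled into the binary, which mirrors the comment's reasoning that no user-controlled data reaches the comparison. A read fault inside it then points at the pages backing the module rather than at attacker-supplied lengths or pointers.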