Closed Bug 1777672 Opened 2 years ago Closed 2 years ago

Crash with cert->nickname == 0

Categories

(NSS :: Libraries, defect)

3.79
defect

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr91 --- wontfix
firefox-esr102 104+ fixed
firefox102 --- wontfix
firefox103 --- wontfix
firefox104 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

Details

(Keywords: crash)

Attachments

(1 file)

Using Thunderbird 102 (NSS 3.79), I'm crashing with the following stack:

#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x00007ffff77f1553 in PORT_ArenaStrdup_Util (arena=arena@entry=0x7fffdc396470, str=0x0)
    at /home/user/moz/comm-esr102/mozilla/security/nss/lib/util/secport.c:636
#2  0x00007ffff777348f in CERT_GetCertNicknameWithValidity
    (arena=arena@entry=0x7fffdc396470, cert=0x7fffc7809020, expiredString=expiredString@entry=0x7fffffff2dd4 " ", notYetGoodString=notYetGoodString@entry=0x7fffffff2d7c " ") at /home/user/moz/comm-esr102/mozilla/security/nss/lib/certhigh/certvfy.c:1914
#3  0x00007ffff7773623 in CERT_NicknameStringsFromCertList
    (certList=0x7fffc780d820, expiredString=0x0, notYetGoodString=0x7fffffff2d7c " ")
    at /home/user/moz/comm-esr102/mozilla/security/nss/lib/certhigh/certvfy.c:2023
#4  0x00007ffff3196938 in getNSSCertNicknamesFromCertList(std::unique_ptr<CERTCertListStr, mozilla::UniqueCERTCertListDeletePolicy> const&) (certList=std::unique_ptr<CERTCertListStr> = {...})
    at /home/user/moz/comm-esr102/mozilla/comm/mailnews/extensions/smime/nsCertPicker.cpp:65
#5  0x00007ffff3197660 in nsCertPicker::PickByUsage(nsIInterfaceRequestor*, char16_t const*, int, bool, bool, nsTSubstring<char16_t> const&, bool*, nsIX509Cert**) (this=<optimized out>, ctx=
    0x7fffc0a52970, selectedNickname=0x7fffce198200 u"CAcert WoT User [15:08:F9]", certUsage=<optimized out>, allowInvalid=<optimized out>, allowDuplicateNicknames=<optimized out>, emailAddress=..., canceled=0x7fffffff34c8, _retval=0x7fffffff34e0)
    at /home/user/moz/comm-esr102/mozilla/comm/mailnews/extensions/smime/nsCertPicker.cpp:332

cert->nickname is null

This was a valid personal certificate from CAcert. I had configured Thunderbird in the past to use this for S/MIME.

When trying to change the S/MIME certificate configuration, it crashes while attempting to create the UI display of available certificates.

I'm surprised that a nickname can be null. I thought it was guaranteed to be non-null in the past.

Bob, is it acceptable, or unexpected, that a cert structure contains a null nickname pointer?

Flags: needinfo?(rrelyea)
Blocks: 1777675

The personal cert should have had a nickname, but the code should be robust against not having one, so your patch is good (I have one nit about what you should default the name to, which I've indicated in my approval of the patch).

bob

Flags: needinfo?(rrelyea)
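
The robustness point discussed above, as an added C example that is not NSS code and not the attached patch: a display-string builder that normalises a NULL nickname and NULL suffix strings before strlen() sees them. The names model_cert, nickname_with_validity and FALLBACK_NICKNAME are hypothetical, and the placeholder text is an assumption, since the default name chosen in the real patch is not shown on this page.

```c
/* Added illustration, not NSS source. model_cert, nickname_with_validity
 * and FALLBACK_NICKNAME are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum validity { CERT_VALID, CERT_EXPIRED, CERT_NOT_YET_GOOD };

struct model_cert {
    const char *nickname; /* may be NULL, as in the reported crash */
    enum validity validity;
};

/* Assumed placeholder; the page does not show the default the patch uses. */
#define FALLBACK_NICKNAME "(no nickname)"

/* Builds "<nickname><suffix>" in a malloc'd buffer (NULL on allocation
 * failure). Unsafe form: strlen(cert->nickname) with no check, which is
 * undefined behaviour for NULL and is what frame #0 of the trace shows. */
char *nickname_with_validity(const struct model_cert *cert,
                             const char *expired, const char *not_yet_good)
{
    const char *nick = FALLBACK_NICKNAME;
    const char *suffix = "";
    if (cert && cert->nickname)
        nick = cert->nickname;
    if (cert && cert->validity == CERT_EXPIRED && expired)
        suffix = expired;
    else if (cert && cert->validity == CERT_NOT_YET_GOOD && not_yet_good)
        suffix = not_yet_good;

    size_t len = strlen(nick) + strlen(suffix) + 1;
    char *out = malloc(len);
    if (out)
        snprintf(out, len, "%s%s", nick, suffix);
    return out;
}

int main(void)
{
    struct model_cert anon = { NULL, CERT_EXPIRED }; /* constructed crashing case */
    char *s = nickname_with_validity(&anon, " (expired)", " (not yet valid)");
    if (s)
        puts(s);
    free(s);
    return 0;
}
```
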
Attachment #9283801 - Attachment description: Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. r=bbeurdouche → Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. r=rrelyea

Bob, please see my response and change in phabricator. Is this acceptable?

Flags: needinfo?(rrelyea)
Keywords: crash

I've updated the phabricator comment. I think you are good to go.

Flags: needinfo?(rrelyea)

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(bbeurdouche)

I think a crash deserves severity S2

Severity: -- → S2
Target Milestone: --- → 3.81
Assignee: nobody → kaie
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
See Also: → 1780022

RyanVM, FYI, we see crash reports on esr91, too.

See Also: 1780022
No longer blocks: 1780022

Note that this change was forgotten from NSS 3.79.1 and was added to the NSS_3_79_1_BRANCH post-release.

However, the commit was applied manually to Fx 102.2 to avoid making another NSS release on the fly:
https://hg.mozilla.org/mozilla-unified/rev/3876d5327f44c991c9034c4112f33f147ab10ab9
