Closed Bug 1985058 Opened 10 months ago Closed 8 months ago

NSSDatabase::~NSSDatabase(): Assertion `NSS_Shutdown() == SECSuccess' failed

Categories

(NSS :: Libraries, defect, P1)

Tracking

(firefox-esr115 wontfix, firefox-esr140 wontfix, firefox144 wontfix, firefox145 wontfix, firefox146 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr115 --- wontfix
firefox-esr140 --- wontfix
firefox144 --- wontfix
firefox145 --- wontfix
firefox146 --- fixed

People

(Reporter: mdauer, Assigned: mdauer)

References

(Blocks 1 open bug)

Details

(Keywords: sec-audit, Whiteboard: [fuzzblocker][adv-main146+r])

Attachments

(1 file)

48 bytes, text/x-phabricator-request
Details | Review

OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5634135748313088

We hit this assertion very frequently for the PKCS7 fuzz target. It doesn't reproduce reliably unfortunately, running with valgrind also didn't reveal anything interesting for me. We should investigate further.

Whiteboard: [fuzzblocker]
Attached file (secure)

I looked a bit into this and from what I can tell, we just forget to destroy a certificate. We can remove the security restrictions.

Severity: -- → S3
Priority: -- → P1

Pushed by nkulatova@mozilla.com:
https://hg.mozilla.org/projects/nss/rev/a4e27f3fef2a
Destroy certificate on error paths, r=nss-reviewers,rrelyea

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Group: crypto-core-security → core-security-release
QA Whiteboard: [sec] [qa-triage-done-c147/b146]
Whiteboard: [fuzzblocker] → [fuzzblocker][adv-main146+r]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: