Closed
Bug 204980
Opened 21 years ago
Closed 21 years ago
Crash importing a PKCS#12 file
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9
People
(Reporter: julien.pierre, Assigned: rrelyea)
Details
(Whiteboard: [Version 3.9])
Attachments
(1 file)
2.20 KB, patch (rrelyea: review+)
This happened when using Mozilla with the tip of NSS and importing a PKCS#12 file to a smartcard.

NTDLL! DbgBreakPoint address 0x77f9180c
PR_Lock(PRLock * 0x02a8bea8) line 235 + 40 bytes
nssSession_EnterMonitor(nssSessionStr * 0x037b6510) line 847 + 20 bytes
import_object(NSSTokenStr * 0x02b13930, nssSessionStr * 0x00000000, CK_ATTRIBUTE * 0x0012e774, unsigned long 0x00000009) line 345 + 9 bytes
nssToken_ImportCertificate(NSSTokenStr * 0x02b13930, nssSessionStr * 0x00000000, int 0x00000001, NSSItemStr * 0x03aab1fc, char * 0x03b38cd8, NSSItemStr * 0x03aab204, NSSItemStr * 0x03aab20c, NSSItemStr * 0x03aab214, NSSItemStr * 0x03aab21c, char * 0x00000000, int 0x00000001) line 669 + 21 bytes
PK11_ImportCert(PK11SlotInfoStr * 0x02a8b918, CERTCertificateStr * 0x03aab9c0, unsigned long 0x031c4dd8, char * 0x03b38cd8, int 0x00000001) line 1804 + 58 bytes
PK11_ImportCertForKeyToSlot(PK11SlotInfoStr * 0x02a8b918, CERTCertificateStr * 0x03aab9c0, char * 0x03b38cd8, int 0x00000001, void * 0x00000000) line 3085 + 25 bytes
sec_pkcs12_add_cert(sec_PKCS12SafeBagStr * 0x03b84ba0, int 0x00000001, void * 0x00000000) line 2365 + 26 bytes
sec_pkcs12_install_bags(sec_PKCS12SafeBagStr * * 0x02b82060, void * 0x00000000) line 2817 + 32 bytes
SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContextStr * 0x036ed3a8) line 2872 + 22 bytes
PIPNSS! NSGetModule + 20158 bytes
PIPNSS! NSGetModule + 19754 bytes
PIPNSS! NSGetModule + 70902 bytes
XPCOM! NS_AddFastLoadChecksums(unsigned int,unsigned int,unsigned int) + 104123 bytes
XPC3250! NSGetModule + 25915 bytes
XPC3250! NSGetModule + 39373 bytes
JS3250! js_Invoke + 1136 bytes
JS3250! js_Invoke + 21985 bytes
JS3250! js_Invoke + 1197 bytes
JS3250! js_Invoke + 1798 bytes
JS3250! JS_CallFunctionValue + 30 bytes
JSDOM! NSGetModule + 10384 bytes
JSDOM! NSGetModule + 123688 bytes
GKLAYOUT! NSGetModule + 959750 bytes
GKLAYOUT! NSGetModule + 964773 bytes
GKLAYOUT! NS_CreateHTMLElement(class nsIHTMLContent * *,class nsINodeInfo *,int) + 532045 bytes
GKLAYOUT! NSGetModule + 41135 bytes
GKLAYOUT! NSGetModule + 538080 bytes
GKLAYOUT! NSGetModule + 537815 bytes
GKLAYOUT! NSGetModule + 40992 bytes
GKLAYOUT! NSGetModule + 40573 bytes
GKLAYOUT! NSGetModule + 983560 bytes
GKLAYOUT! NSGetModule + 978824 bytes
GKLAYOUT! NSGetModule + 41035 bytes
GKLAYOUT! NSGetModule + 39983 bytes
GKLAYOUT! NS_CreateHTMLElement(class nsIHTMLContent * *,class nsINodeInfo *,int) + 431577 bytes
GKLAYOUT! NS_CreateHTMLElement(class nsIHTMLContent * *,class nsINodeInfo *,int) + 439564 bytes
GKLAYOUT! NS_CreateHTMLElement(class nsIHTMLContent * *,class nsINodeInfo *,int) + 441613 bytes
GKWIDGET! NSGetModule + 2384 bytes
GKWIDGET! NSGetModule + 17152 bytes
GKWIDGET! NSGetModule + 18154 bytes
GKWIDGET! NSGetModule + 3770 bytes
USER32! SetWindowPlacement + 80 bytes
USER32! TranslateMessageEx + 1541 bytes
USER32! DispatchMessageW + 11 bytes
APPSHELL! NSGetModule + -20582 bytes
MOZILLA! nsString::Length(void) + 919 bytes
MOZILLA! nsDependentCString::nsDependentCString(char const *) + 1468 bytes
KERNEL32! ProcessIdToSessionId + 381 bytes
Comment 1•21 years ago
Did you have a pkcs11rc file for MUSCLE? Did you set the Threaded option to True?
Comment 2•21 years ago (Reporter)
No, I didn't have a pkcs11rc. FYI, this bug is reproducible on the tip of NSS. I'm going to reformat the token once more and try with a different NSS release.
Comment 3•21 years ago (Reporter)
The import worked in Netscape 7.02, which uses NSS 3.5. It failed with a version of NSS 3.9 I built on 4/30. I will try with a more recent tip.
Comment 4•21 years ago (Reporter)
The crash also happens with pk12util using the current tip. Threading shouldn't be an issue.

NTDLL! DbgBreakPoint address 0x77f9180c
PR_Lock(PRLock * 0x00540418) line 235 + 40 bytes
nssSession_EnterMonitor(nssSessionStr * 0x0054b780) line 847 + 20 bytes
import_object(NSSTokenStr * 0x00548e98, nssSessionStr * 0x00000000, CK_ATTRIBUTE * 0x0012fd30, unsigned long 0x00000009) line 345 + 9 bytes
nssToken_ImportCertificate(NSSTokenStr * 0x00548e98, nssSessionStr * 0x00000000, int 0x00000001, NSSItemStr * 0x0055176c, char * 0x00552d70, NSSItemStr * 0x00551774, NSSItemStr * 0x0055177c, NSSItemStr * 0x00551784, NSSItemStr * 0x0055178c, char * 0x00000000, int 0x00000001) line 669 + 21 bytes
PK11_ImportCert(PK11SlotInfoStr * 0x00540cd8, CERTCertificateStr * 0x0054dbd8, unsigned long 0x00b64e08, char * 0x00552d70, int 0x00000001) line 1804 + 58 bytes
PK11_ImportCertForKeyToSlot(PK11SlotInfoStr * 0x00540cd8, CERTCertificateStr * 0x0054dbd8, char * 0x00552d70, int 0x00000001, void * 0x0012ff30) line 3085 + 25 bytes
sec_pkcs12_add_cert(sec_PKCS12SafeBagStr * 0x005592b0, int 0x00000001, void * 0x0012ff30) line 2365 + 26 bytes
sec_pkcs12_install_bags(sec_PKCS12SafeBagStr * * 0x0055f1a8, void * 0x0012ff30) line 2817 + 32 bytes
SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContextStr * 0x0054d2e0) line 2872 + 22 bytes
P12U_ImportPKCS12Object(char * 0x004b4020, PK11SlotInfoStr * 0x00540cd8, secuPWData * 0x0012ff30, secuPWData * 0x0012ff44) line 454 + 9 bytes
main(int 0x00000007, char * * 0x004b2cb8) line 839 + 21 bytes
PK12UTIL! mainCRTStartup + 227 bytes
KERNEL32! ProcessIdToSessionId + 381
Comment 5•21 years ago
The reason I asked whether the PKCS #11 module in question is thread-safe is that I suspect this is a regression introduced by Bob's checkin for bug 202593 (attachment 121025). Bob, could you take a look at this?

The crash in PR_Lock is an assertion failure that means the thread tries to lock a lock it already owns:

222 PR_IMPLEMENT(void) PR_Lock(PRLock *lock)
223 {
224     PRThread *me = _PR_MD_CURRENT_THREAD();
...
234 #ifdef _PR_GLOBAL_THREADS_ONLY
235     PR_ASSERT(lock->owner != me);
...
Assignee: wtc → relyea
Severity: normal → critical
Priority: -- → P1
Target Milestone: --- → 3.9
Comment 6•21 years ago
This assertion failure is indeed a regression introduced by Bob's checkin for bug 202593. After trying several solutions Bob and I settled on this patch. Bob, please review the comments in the patch and make sure I explain the fix correctly.
Comment 7•21 years ago (Assignee)
Comment on attachment 122900: Proposed patch
r=relyea
Attachment #122900 - Flags: review+
Comment 8•21 years ago
Fix checked into the tip (3.9) on Saturday (May 10) morning. Note that the version of this bug should say 3.9 instead of 3.8.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [Version 3.9]