Closed
Bug 237635
Opened 20 years ago
Closed 8 years ago
Mozilla ignores return value of PKCS11 function C_DestroyObject
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1267861
People
(Reporter: jnem6403, Unassigned)
References
(Depends on 1 open bug)
Details
(Whiteboard: [psm-logic])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 It seems, Mozilla ignores value of C_DestroyObject. I try to delete certificate and (my) PKCS11 library does not implement it yet. Library returns other value then CKR_OK (I have tested CKR_TOKEN_WRITE_PROTECTED, CKR_PIN_EXPIRED, CKR_PIN_EXPIRED.) but Mozilla ignores it and does not warn user, so user will think that everything went OK and certificate was successfully deleted. Reproducible: Always Steps to Reproduce: 1. Get any PKCS11 library 2. Modyfy C_DestroyObject to not work and return any other value then CKR_OK 3. Try to delete certificate in certificate dialog box Actual Results: Certificate disappears and user is not warn. User will think that certificate is deleted. Expected Results: Small message box "Delete failed".
Updated•20 years ago
|
Assignee: wchang0222 → rrelyea0264
Comment 1•20 years ago
|
||
I did find that PK11_FreeSymKey calls ->C_DestroyObject and ignores the return value, and that's a bug that should be fixed. But I doubt that's relevant to this bug, because this bug is about objects that get deleted when a cert is deleted, and certs don't contain SymKeys. PK11_DestroyObject doesn't ignore the value returned by the module, but perhaps one of its callers does.
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
|
QA Contact: jason.m.reid → libraries
Comment 2•17 years ago
|
||
I changed NSC_DestroyObject to always return CKR_DEVICE_ERROR . all.sh only reported 4 failures : Testing Certificate Key Usage Extension (1) List the FIPS module keys (certutil -K) Run PK11MODE in FIPS mode (pk11mode) Run PK11MODE in Non FIPS mode (pk11mode -n) So, there must be quite a few things in NSS that ignore the result, I am afraid. Interestingly, the test named : Delete the certificate and key from the FIPS module (certutil -D) did not fail with the broken softoken module. It turns out this test uses the undocumented certutil -F command, rather than certutil -D, as its name states. The certutil -F codepath calls PK11_DeleteTokenCertAndKey, which always returns SECSuccess. I will file a separate bug for that issue. I verified that certutil -D works as expected, and returns an error, but unfortunately that case isn't getting QA'ed right now. That will be a separate RFE as well.
Comment 3•17 years ago
|
||
The new test bug is bug 382775 . The bug about PK11_DeleteTokenCertAndKey is bug 382774 . I also confirmed the reporter's problem on Solaris with Firefox 2. When trying to delete a user cert, PSM calls PK11_DeleteTokenCertAndKey, which always returns SECSuccess. I don't know if PSM would display an error if it returned SECFailure. But this case can't be fixed until bug 382774 is fixed, so I'm marking it as a dependency for this bug. When trying to delete a peer cert, PSM calls SEC_DeletePermCertificate. That returns SECFailure. But PSM remains silent. That's a PSM bug.
Status: UNCONFIRMED → NEW
Depends on: 382774
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Updated•17 years ago
|
Assignee: rrelyea → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Comment 4•17 years ago
|
||
FYI here were the stacks . My Firefox was opt, and NSS debug. (dbx) where current thread: t@1 =>[1] NSC_DestroyObject(hSession = 16777229U, hObject = 4140589174U), line 186 in "pkcs11c.c" [2] nssToken_DeleteStoredObject(instance = 0xa4c8c00), line 290 in "devtoken.c" [3] nssPKIObject_DeleteStoredObject(object = 0xa596f90, uhh = (nil), isFriendly = 1), line 342 in "pkibase.c" [4] NSSCertificate_DeleteStoredObject(c = 0xa596f90, uhh = (nil)), line 259 in "certificate.c" [5] SEC_DeletePermCertificate(cert = 0xa477350), line 101 in "stanpcertdb.c" [6] nsNSSCertificate::destructorSafeDestroyNSSReference(0xc049f68), at 0x8ea08a4 [7] nsNSSCertificate::~nsNSSCertificate(0xc049f68), at 0x8ea0753 [8] 0x8ea39b8(0xc049f68, 0x1), at 0x8ea39b8 [9] nsNSSCertificate::Release(0xc049f68), at 0x8ea0396 [10] XPCJSRuntime::GCCallback(0xbe21ba8, 0x1), at 0x859b8f3 [11] 0x8a78ee8(0xbe21ba8, 0x1), at 0x8a78ee8 [12] js_GC(0xbe21ba8, 0x0), at 0xfee52a2b [13] JS_GC(0xbe21ba8), at 0xfee27cde [14] nsJSContext::Notify(0xbf88458, 0xbf88580), at 0x8a78e1d [15] nsTimerImpl::Fire(0xbf88580), at 0xfed896da [16] handleTimerEvent(0xad2d1b8), at 0xfed897a7 [17] PL_HandleEvent(0xad2d1b8), at 0xfed84ad2 [18] PL_ProcessPendingEvents(0x97e1210), at 0xfed849f0 [19] nsEventQueueImpl::ProcessPendingEvents(0x97aec60), at 0xfed86846 [20] 0x87c8f7d(0x9a6f298, 0x1, 0x97aec60, 0x0, 0xfe83f3a0), at 0x87c8f7d [21] g_io_unix_dispatch(0xfe87fa48, 0x2, 0x97a58e8, 0xc8, 0x3, 0x9), at 0xfe83f3d2 and (dbx) where current thread: t@1 =>[1] NSC_DestroyObject(hSession = 16777230U, hObject = 4054902435U), line 186 in "pkcs11c.c" [2] nssToken_DeleteStoredObject(instance = 0xa4cb7e8), line 290 in "devtoken.c" [3] nssPKIObject_DeleteStoredObject(object = 0xa386998, uhh = (nil), isFriendly = 1), line 342 in "pkibase.c" [4] NSSCertificate_DeleteStoredObject(c = 0xa386998, uhh = (nil)), line 259 in "certificate.c" [5] SEC_DeletePermCertificate(cert = 0xa3675c0), line 101 in "stanpcertdb.c" [6] PK11_DeleteTokenCertAndKey(cert = 0xa3675c0, wincx = 0xa4d9e18), line 434 in "pk11cert.c" [7] nsNSSCertificate::destructorSafeDestroyNSSReference(0xa2bffb8), at 0x8ea0876 [8] nsNSSCertificate::~nsNSSCertificate(0xa2bffb8), at 0x8ea0753 [9] 0x8ea39b8(0xa2bffb8, 0x1), at 0x8ea39b8 [10] nsNSSCertificate::Release(0xa2bffb8), at 0x8ea0396 [11] XPCJSRuntime::GCCallback(0xaf714a8, 0x1), at 0x859b8f3 [12] 0x8a78ee8(0xaf714a8, 0x1), at 0x8a78ee8 [13] js_GC(0xaf714a8, 0x0), at 0xfee52a2b [14] JS_GC(0xaf714a8), at 0xfee27cde [15] nsJSContext::Notify(0xa836b00, 0x9fb7060), at 0x8a78e1d [16] nsTimerImpl::Fire(0x9fb7060), at 0xfed896da [17] handleTimerEvent(0xa13ec68), at 0xfed897a7 [18] PL_HandleEvent(0xa13ec68), at 0xfed84ad2 [19] PL_ProcessPendingEvents(0x97e1210), at 0xfed849f0 [20] nsEventQueueImpl::ProcessPendingEvents(0x97aec60), at 0xfed86846 [21] 0x87c8f7d(0x9a6f298, 0x1, 0x97aec60, 0x0, 0xfe83f3a0), at 0x87c8f7d [22] g_io_unix_dispatch(0xfe87fa48, 0x2, 0x97a58e8, 0xc8, 0x3, 0x9), at 0xfe83f3d2
Updated•14 years ago
|
Assignee: kaie → nobody
Whiteboard: [psm-logic]
PSM doesn't actually call PK11_DeleteTokenCertAndKey immediately after a certificate is marked for deletion, so there wouldn't be any way of reporting the failure to the user. So, there's either nothing to do here or the right thing will be done if/when the call to PK11_DeleteTokenCertAndKey is moved in bug 1267861.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•