Closed Bug 237635 Opened 20 years ago Closed 8 years ago

Mozilla ignores return value of PKCS11 function C_DestroyObject

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal


RESOLVED DUPLICATE of bug 1267861

People

(Reporter: jnem6403, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [psm-logic])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

It seems Mozilla ignores the value of C_DestroyObject. I try to delete a certificate
and (my) PKCS11 library does not implement it yet. The library returns a value other
than CKR_OK (I have tested CKR_TOKEN_WRITE_PROTECTED, CKR_PIN_EXPIRED,
CKR_PIN_EXPIRED.) but Mozilla ignores it and does not warn the user, so the user will
think that everything went OK and the certificate was successfully deleted.

Reproducible: Always
Steps to Reproduce:
1. Get any PKCS11 library
2. Modify C_DestroyObject to not work and return any other value than CKR_OK
3. Try to delete a certificate in the certificate dialog box

Actual Results:  
Certificate disappears and the user is not warned. The user will think that the certificate is
deleted.

Expected Results:  
Small message box "Delete failed".
Assignee: wchang0222 → rrelyea0264
I did find that PK11_FreeSymKey calls ->C_DestroyObject and ignores the 
return value, and that's a bug that should be fixed.  But I doubt that's
relevant to this bug, because this bug is about objects that get deleted
when a cert is deleted, and certs don't contain SymKeys.

PK11_DestroyObject doesn't ignore the value returned by the module, but
perhaps one of its callers does.
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → libraries
I changed NSC_DestroyObject to always return CKR_DEVICE_ERROR.

all.sh only reported 4 failures:

Testing Certificate Key Usage Extension (1)
List the FIPS module keys (certutil -K)
Run PK11MODE in FIPS mode (pk11mode)
Run PK11MODE in Non FIPS mode (pk11mode -n)

So, there must be quite a few things in NSS that ignore the result, I am afraid.

Interestingly, the test named:

Delete the certificate and key from the FIPS module (certutil -D)

did not fail with the broken softoken module.

It turns out this test uses the undocumented certutil -F command, rather than certutil -D, as its name states.

The certutil -F codepath calls PK11_DeleteTokenCertAndKey, which always returns SECSuccess. I will file a separate bug for that issue.

I verified that certutil -D works as expected, and returns an error, but unfortunately that case isn't getting QA'ed right now. That will be a separate RFE as well.
The new test bug is bug 382775.
The bug about PK11_DeleteTokenCertAndKey is bug 382774.

I also confirmed the reporter's problem on Solaris with Firefox 2.

When trying to delete a user cert, PSM calls PK11_DeleteTokenCertAndKey, which always returns SECSuccess. I don't know if PSM would display an error if it returned SECFailure. But this case can't be fixed until bug 382774 is fixed, so I'm marking it as a dependency for this bug.

When trying to delete a peer cert, PSM calls SEC_DeletePermCertificate. That returns SECFailure. But PSM remains silent. That's a PSM bug.
Status: UNCONFIRMED → NEW
Depends on: 382774
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Assignee: rrelyea → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
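The failure mode described in the report (a module's C_DestroyObject returning something other than CKR_OK while the caller reports success) side by side with the checked version, as an added illustration that is not NSS, PSM or the reporter's code; the PKCS#11 types, the mock module and the SECStatus-style caller are all stand-ins constructed for this example.

```c
#include <stdio.h>

/* Minimal stand-ins for the PKCS#11 types and return codes used below;
 * the numeric values are the ones from the PKCS#11 spec, so no pkcs11.h
 * is needed to build this. (Constructed example, not NSS or PSM code.) */
typedef unsigned long CK_RV;
typedef unsigned long CK_SESSION_HANDLE;
typedef unsigned long CK_OBJECT_HANDLE;
#define CKR_OK                    0x00UL
#define CKR_DEVICE_ERROR          0x30UL
#define CKR_PIN_EXPIRED           0xA3UL
#define CKR_TOKEN_WRITE_PROTECTED 0xE2UL

/* Result type for the caller side, mirroring NSS's SECStatus convention. */
typedef enum { SECFailure = -1, SECSuccess = 0 } SECStatus;

/* Mock module C_DestroyObject: returns whatever the harness configures,
 * like the reporter's library or the always-failing softoken in the comments. */
static CK_RV mock_destroy_rv = CKR_OK;
static CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
{
    (void)hSession; (void)hObject;
    return mock_destroy_rv;
}

/* The bug pattern: rv is dropped, so every caller up to the UI sees success. */
SECStatus delete_cert_ignoring_rv(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE obj)
{
    C_DestroyObject(s, obj);
    return SECSuccess;
}

/* The fix: check rv and propagate failure so a dialog can say "Delete failed". */
SECStatus delete_cert_checking_rv(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE obj)
{
    CK_RV rv = C_DestroyObject(s, obj);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_DestroyObject failed: CKR 0x%02lX\n", rv);
        return SECFailure;
    }
    return SECSuccess;
}

/* Harness: make the mock return module_rv, then run one of the two callers. */
SECStatus simulate_delete(CK_RV module_rv, int check_rv)
{
    mock_destroy_rv = module_rv;
    return check_rv ? delete_cert_checking_rv(1, 2) : delete_cert_ignoring_rv(1, 2);
}
```

With the mock set to CKR_TOKEN_WRITE_PROTECTED, delete_cert_ignoring_rv still returns SECSuccess, which is exactly the silent-success behaviour the reporter observed.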
FYI here were the stacks. My Firefox was opt, and NSS debug.

(dbx) where
current thread: t@1
=>[1] NSC_DestroyObject(hSession = 16777229U, hObject = 4140589174U), line 186 in "pkcs11c.c"
  [2] nssToken_DeleteStoredObject(instance = 0xa4c8c00), line 290 in "devtoken.c"
  [3] nssPKIObject_DeleteStoredObject(object = 0xa596f90, uhh = (nil), isFriendly = 1), line 342 in "pkibase.c"
  [4] NSSCertificate_DeleteStoredObject(c = 0xa596f90, uhh = (nil)), line 259 in "certificate.c"
  [5] SEC_DeletePermCertificate(cert = 0xa477350), line 101 in "stanpcertdb.c"
  [6] nsNSSCertificate::destructorSafeDestroyNSSReference(0xc049f68), at 0x8ea08a4
  [7] nsNSSCertificate::~nsNSSCertificate(0xc049f68), at 0x8ea0753
  [8] 0x8ea39b8(0xc049f68, 0x1), at 0x8ea39b8
  [9] nsNSSCertificate::Release(0xc049f68), at 0x8ea0396
  [10] XPCJSRuntime::GCCallback(0xbe21ba8, 0x1), at 0x859b8f3
  [11] 0x8a78ee8(0xbe21ba8, 0x1), at 0x8a78ee8
  [12] js_GC(0xbe21ba8, 0x0), at 0xfee52a2b
  [13] JS_GC(0xbe21ba8), at 0xfee27cde
  [14] nsJSContext::Notify(0xbf88458, 0xbf88580), at 0x8a78e1d
  [15] nsTimerImpl::Fire(0xbf88580), at 0xfed896da
  [16] handleTimerEvent(0xad2d1b8), at 0xfed897a7
  [17] PL_HandleEvent(0xad2d1b8), at 0xfed84ad2
  [18] PL_ProcessPendingEvents(0x97e1210), at 0xfed849f0
  [19] nsEventQueueImpl::ProcessPendingEvents(0x97aec60), at 0xfed86846
  [20] 0x87c8f7d(0x9a6f298, 0x1, 0x97aec60, 0x0, 0xfe83f3a0), at 0x87c8f7d
  [21] g_io_unix_dispatch(0xfe87fa48, 0x2, 0x97a58e8, 0xc8, 0x3, 0x9), at 0xfe83f3d2

and

(dbx) where
current thread: t@1
=>[1] NSC_DestroyObject(hSession = 16777230U, hObject = 4054902435U), line 186 in "pkcs11c.c"
  [2] nssToken_DeleteStoredObject(instance = 0xa4cb7e8), line 290 in "devtoken.c"
  [3] nssPKIObject_DeleteStoredObject(object = 0xa386998, uhh = (nil), isFriendly = 1), line 342 in "pkibase.c"
  [4] NSSCertificate_DeleteStoredObject(c = 0xa386998, uhh = (nil)), line 259 in "certificate.c"
  [5] SEC_DeletePermCertificate(cert = 0xa3675c0), line 101 in "stanpcertdb.c"
  [6] PK11_DeleteTokenCertAndKey(cert = 0xa3675c0, wincx = 0xa4d9e18), line 434 in "pk11cert.c"
  [7] nsNSSCertificate::destructorSafeDestroyNSSReference(0xa2bffb8), at 0x8ea0876
  [8] nsNSSCertificate::~nsNSSCertificate(0xa2bffb8), at 0x8ea0753
  [9] 0x8ea39b8(0xa2bffb8, 0x1), at 0x8ea39b8
  [10] nsNSSCertificate::Release(0xa2bffb8), at 0x8ea0396
  [11] XPCJSRuntime::GCCallback(0xaf714a8, 0x1), at 0x859b8f3
  [12] 0x8a78ee8(0xaf714a8, 0x1), at 0x8a78ee8
  [13] js_GC(0xaf714a8, 0x0), at 0xfee52a2b
  [14] JS_GC(0xaf714a8), at 0xfee27cde
  [15] nsJSContext::Notify(0xa836b00, 0x9fb7060), at 0x8a78e1d
  [16] nsTimerImpl::Fire(0x9fb7060), at 0xfed896da
  [17] handleTimerEvent(0xa13ec68), at 0xfed897a7
  [18] PL_HandleEvent(0xa13ec68), at 0xfed84ad2
  [19] PL_ProcessPendingEvents(0x97e1210), at 0xfed849f0
  [20] nsEventQueueImpl::ProcessPendingEvents(0x97aec60), at 0xfed86846
  [21] 0x87c8f7d(0x9a6f298, 0x1, 0x97aec60, 0x0, 0xfe83f3a0), at 0x87c8f7d
  [22] g_io_unix_dispatch(0xfe87fa48, 0x2, 0x97a58e8, 0xc8, 0x3, 0x9), at 0xfe83f3d2
Assignee: kaie → nobody
Whiteboard: [psm-logic]
PSM doesn't actually call PK11_DeleteTokenCertAndKey immediately after a certificate is marked for deletion, so there wouldn't be any way of reporting the failure to the user. So, there's either nothing to do here or the right thing will be done if/when the call to PK11_DeleteTokenCertAndKey is moved in bug 1267861.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE