Closed Bug 248887 Opened 21 years ago Closed 21 years ago

Crash if basic authentication against IIS6 fails only if compiled with GSSAPI NTLM support

Categories

(Core :: Networking: HTTP, defect)

x86
Linux
defect
Not set
critical

RESOLVED DUPLICATE of bug 256949
mozilla1.8beta1

People

(Reporter: priit.randla, Assigned: darin.moz)

Details

(Keywords: crash)

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040628
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040628

HTTP Basic authentication against W2003 IIS6 works, if using correct username&password, otherwise mozilla 1.7 crashes.

Reproducible: Always

Steps to Reproduce:
1. Try to open an IIS6-served basic authentication protected page.
2. Enter wrong username&password combination
3. No 'authentication failed' message, browser crashes

Actual Results: crash

Expected Results: new dialog box for additional username&password to verify

Mozilla 1.7 built from source on RedHat9, build options:

    MOZILLA_OFFICIAL=1 ./configure \
      --with-pthreads \
      --disable-freetype2 \
      --enable-xft \
      --enable-default-toolkit=gtk2 \
      --enable-xinerama \
      --enable-strip-libs \
      --disable-tests \
      --disable-debug \
      --disable-short-wchar \
      --disable-accessibility \
      --disable-view-source \
      --enable-ldap-experimental \
      --enable-nspr-autoconf \
      --enable-extensions=default \
      --disable-talkback \
      --without-mng \
      --enable-crypto \
      --without-system-nspr \
      --with-system-zlib \
      --enable-xprint \
      --enable-reorder \
      --enable-strip \
      --enable-xterm-updates \
      --enable-cpp-rtti \
      --enable-optimize='-O3 -march=i686 -mcpu=i686' \
      --enable-cpp-exceptions \
      --with-gssapi=/usr/kerberos
    MOZILLA_OFFICIAL=1 make

When building with debug enabled, I got the following stack trace:

    (gdb) bt
    #0  0xffffe002 in ?? ()
    #1  0x0806c7c1 in do_GetInterface(nsISupports*, unsigned*) ()
    #2  0x41d2d34b in nsProfileLock::FatalSignalHandler(int) () from /usr/local/mozilla/components/libprofile.so
    #3  <signal handler called>
    #4  0x0806dbc4 in do_GetInterface(nsISupports*, unsigned*) ()
    #5  0x45bba58d in nsSubstring::~nsSubstring() () from /usr/local/mozilla/components/libpipnss.so
    #6  0x45bc6df9 in nsString::~nsString() () from /usr/local/mozilla/components/libpipnss.so
    #7  0x45c0843d in nsNTLMAuthModule::~nsNTLMAuthModule() () from /usr/local/mozilla/components/libpipnss.so
    #8  0x45c08269 in nsOnPK11LogoutCancelObject::logout() () from /usr/local/mozilla/components/libpipnss.so
    #9  0x40edd012 in nsISupportsPRUint32::GetIID() () from /usr/local/mozilla/components/libnecko.so
    #10 0x40eeeba8 in nsHttpChannel::GetCredentialsForChallenge(char const*, char const*, int, nsIHttpAuthenticator*, nsCString&) () from /usr/local/mozilla/components/libnecko.so
    #11 0x40eee7f5 in nsHttpChannel::GetCredentials(char const*, int, nsCString&) () from /usr/local/mozilla/components/libnecko.so
    #12 0x40eee5e4 in nsHttpChannel::ProcessAuthentication(unsigned) () from /usr/local/mozilla/components/libnecko.so
    #13 0x40eea1a8 in nsHttpChannel::ProcessResponse() () from /usr/local/mozilla/components/libnecko.so
    #14 0x40ef376d in non-virtual thunk to nsHttpChannel::SetCookie(char const*) () from /usr/local/mozilla/components/libnecko.so
    #15 0x40e32da1 in nsInputStreamPump::OnStateStart() () from /usr/local/mozilla/components/libnecko.so
    #16 0x40e32c4b in non-virtual thunk to nsInputStreamPump::QueryInterface(nsID const&, void**) () from /usr/local/mozilla/components/libnecko.so
    #17 0x40a941e0 in nsInputStreamReadyEvent::EventHandler(PLEvent*) () from /usr/local/mozilla/libxpcom.so
    #18 0x40ab60b4 in PL_HandleEvent () from /usr/local/mozilla/libxpcom.so
    #19 0x40ab5f98 in PL_ProcessPendingEvents () from /usr/local/mozilla/libxpcom.so
    #20 0x40ab8f17 in nsEventQueueImpl::NotifyObservers(char const*) () from /usr/local/mozilla/libxpcom.so
    #21 0x41c9dbc5 in nsCOMPtr<nsIProperties>::assign_from_qi(nsQueryInterface, nsID const&) () from /usr/local/mozilla/components/libwidget_gtk2.so
    #22 0x404d5ddf in g_vsnprintf () from /usr/lib/libglib-2.0.so.0
    #23 0x404b4b35 in g_get_current_time () from /usr/lib/libglib-2.0.so.0
    #24 0x404b5b78 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #25 0x404b5e8d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #26 0x404b658f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
    #27 0x401dcf5f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
    #28 0x41c9e1a0 in nsAppShell::ReleaseGlobals() () from /usr/local/mozilla/components/libwidget_gtk2.so
    #29 0x41bbd12e in nsAppShellService::CheckAndRemigrateDefunctProfile() () from /usr/local/mozilla/components/libnsappshell.so
    #30 0x08063f85 in getCountry(nsAString const&, nsAString&) ()
    #31 0x08060757 in main ()
    #32 0x42015704 in __libc_start_main () from /lib/tls/libc.so.6
    (gdb) q
Keywords: crash
(In reply to comment #0)
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040628
> Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040628

WFM - WinXP IIS5.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616

Crash happens even without building with --with-gssapi=/usr/kerberos

Last output from mozilla:

    --WEBSHELL == 3
    out-token:
    TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
    in-token:
    TlRMTVNTUAACAAAAEAAQADAAAAAFgokApz4kdLbjkdYAAAAAAAAAAI4AjgBAAAAAUgBFAFMATwBVAFIAQwBFAAIAEABSAEUAUwBPAFUAUgBDAEUAAQAOAE8AQwBUAE8AUABVAFMABAAmAHIAZQBzAG8AdQByAGMAZQAuAGEAZAAuAGUAeQBwAHMAaQBzAGUAAwA2AG8AYwB0AG8AcAB1AHMALgByAGUAcwBvAHUAcgBjAGUALgBhAGQALgBlAHkAcABzAGkAcwBlAAAAAACK
    NTLM type 2 message:
    target =
      0x52 0x00 0x45 0x00 0x53 0x00 0x4f 0x00  R.E.S.O.
      0x55 0x00 0x52 0x00 0x43 0x00 0x45 0x00  U.R.C.E.
    flags =
      0x05 0x82 0x89 0x00  ....
      0x00000001 (NegotiateUnicode)
      0x00000004 (RequestTarget)
      0x00000200 (NegotiateNTLMKey)
      0x00008000 (NegotiateAlwaysSign)
      0x00010000 (TargetTypeDomain)
      0x00080000 (NegotiateNTLM2Key)
      0x00800000 (NegotiateTargetInfo)
    challenge =
      0xa7 0x3e 0x24 0x74 0xb6 0xe3 0x91 0xd6  ?>$t??.?
    out-token:
    TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABAAAAAEAAQAEAAAAAOAA4AUAAAAAAAAAAAAAAABYIIAGsAbwBwAG8AcABrAG8AcAB2ADMAdABlAHMAdAAzAAfWpaYOeF4cAAAAAAAAAAAAAAAAAAAAAE2rAUCry47g0gQLvAPe7SX0c1e/mKHn9Q==

    Program ./mozilla-bin (pid = 26752) received signal 11.
    Stack:
    _ZN13nsProfileLock18FatalSignalHandlerEi+0x000000FF [/usr/local/mozilla/components/libprofile.so +0x0002D34B]
    UNKNOWN [/lib/tls/libpthread.so.0 +0x000098F8]
    _ZN11nsSubstringD2Ev+0x0000001F [/usr/local/mozilla/components/libpipnss.so +0x0003C58D]
    _ZN8nsStringD1Ev+0x0000001F [/usr/local/mozilla/components/libpipnss.so +0x00048DF9]
    _ZN16nsNTLMAuthModuleD0Ev+0x00000051 [/usr/local/mozilla/components/libpipnss.so +0x0008A43D]
    UNKNOWN [/usr/local/mozilla/components/libpipnss.so +0x0008A269]
    UNKNOWN [/usr/local/mozilla/components/libnecko.so +0x0013C012]
    _ZN13nsHttpChannel26GetCredentialsForChallengeEPKcS1_iP20nsIHttpAuthenticatorR9nsCString+0x0000032C [/usr/local/mozilla/components/libnecko.so +0x0014DBA8]
    _ZN13nsHttpChannel14GetCredentialsEPKciR9nsCString+0x0000016D [/usr/local/mozilla/components/libnecko.so +0x0014D7F5]
    _ZN13nsHttpChannel21ProcessAuthenticationEj+0x000000CE [/usr/local/mozilla/components/libnecko.so +0x0014D5E4]
    _ZN13nsHttpChannel15ProcessResponseEv+0x000001FA [/usr/local/mozilla/components/libnecko.so +0x001491A8]
    UNKNOWN [/usr/local/mozilla/components/libnecko.so +0x0015276D]
    _ZN17nsInputStreamPump12OnStateStartEv+0x0000008B [/usr/local/mozilla/components/libnecko.so +0x00091DA1]
    UNKNOWN [/usr/local/mozilla/components/libnecko.so +0x00091C4B]
    _ZN23nsInputStreamReadyEvent12EventHandlerEP7PLEvent+0x00000060 [/usr/local/mozilla/libxpcom.so +0x000C11E0]
    PL_HandleEvent+0x0000004B [/usr/local/mozilla/libxpcom.so +0x000E30B4]
    PL_ProcessPendingEvents+0x000000A2 [/usr/local/mozilla/libxpcom.so +0x000E2F98]
    UNKNOWN [/usr/local/mozilla/libxpcom.so +0x000E5F17]
    UNKNOWN [/usr/local/mozilla/components/libwidget_gtk2.so +0x0002FBC5]
    UNKNOWN [/usr/lib/libglib-2.0.so.0 +0x00043DDF]
    UNKNOWN [/usr/lib/libglib-2.0.so.0 +0x00022B35]
    g_main_context_dispatch+0x00000098 [/usr/lib/libglib-2.0.so.0 +0x00023B78]
    UNKNOWN [/usr/lib/libglib-2.0.so.0 +0x00023E8D]
    g_main_loop_run+0x0000017F [/usr/lib/libglib-2.0.so.0 +0x0002458F]
    gtk_main+0x000000BF [/usr/lib/libgtk-x11-2.0.so.0 +0x000D3F5F]
    UNKNOWN [/usr/local/mozilla/components/libwidget_gtk2.so +0x000301A0]
    UNKNOWN [/usr/local/mozilla/components/libnsappshell.so +0x0004512E]
    UNKNOWN [./mozilla-bin +0x0001BF85]
    main+0x000002A3 [./mozilla-bin +0x00018757]
    __libc_start_main+0x000000E4 [/lib/tls/libc.so.6 +0x00015704]
    Sleeping for 5 minutes.
Crash happens also with official Mozilla 1.7 for Linux. Would anybody please suggest me how to catch the culprit? Something with IIS6 & NTLM I think...
related: bug 238316 ? Even though it's MacOSX, this bug report involves OWA, NTLM and crash only when cancelling.
-> me
Assignee: general → darin
Component: Browser-General → Networking: HTTP
QA Contact: general → core.networking.http
Target Milestone: --- → mozilla1.8alpha2
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: mozilla1.8alpha2 → mozilla1.8beta
Priit sent me an HTTP log via private email that showed the browser first accepting the NTLM challenge and then after that failed, the browser failed over to Negotiate auth. The strange thing is that Negotiate auth was listed before NTLM in the WWW-Authenticate header. Then, once we start trying to authenticate the user using Negotiate, we get stuck in an endless loop. Negotiate fails, but then we try Negotiate again :-( I think we might be able to solve this problem by testing the challenge and the continuationState variable passed into nsHttpNegotiateAuth::ChallengeReceived. If the continuationState is non-null, and the challenge is "Negotiate" with no parameters, then it indicates that we are starting over after a failed attempt. We probably should return an error in that case.
Status: NEW → ASSIGNED
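The check proposed in the comment above, sketched as an added example (not Mozilla source and not the eventual fix): it replays a constructed run of 401 challenges and counts how many Negotiate tokens a client sends with and without the guard. `ContinuationState`, `challenge_received`, `tokens_sent` and the sample header values are hypothetical names and data chosen for illustration.

```cpp
// Added illustration, not Mozilla source; every name below is hypothetical.
#include <cctype>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

struct ContinuationState { int rounds = 0; };  // stand-in for per-session auth state
enum class Result { Proceed, Rejected };

// True when the challenge is the scheme name alone (no token follows it).
bool is_bare_negotiate(const std::string& challenge) {
    static const std::string scheme = "negotiate";
    if (challenge.size() < scheme.size()) return false;
    for (size_t i = 0; i < challenge.size(); ++i) {
        unsigned char ch = static_cast<unsigned char>(challenge[i]);
        if (i < scheme.size() ? std::tolower(ch) != scheme[i] : !std::isspace(ch))
            return false;
    }
    return true;
}

// Existing state plus a bare challenge means the server discarded the last
// token and is starting over, so the guarded path reports an error.
Result challenge_received(const std::string& challenge,
                          std::unique_ptr<ContinuationState>& state, bool guard) {
    if (guard && state && is_bare_negotiate(challenge)) {
        state.reset();
        return Result::Rejected;
    }
    if (!state) state.reset(new ContinuationState());
    ++state->rounds;
    return Result::Proceed;
}

// Replays the challenges in order; returns how many tokens would be sent.
int tokens_sent(const std::vector<std::string>& challenges, bool guard) {
    std::unique_ptr<ContinuationState> state;
    int sent = 0;
    for (const auto& c : challenges) {
        if (challenge_received(c, state, guard) == Result::Rejected) break;
        ++sent;
    }
    return sent;
}

int main() {
    // Constructed input: a server that answers every token with a bare challenge.
    std::vector<std::string> failing(5, "Negotiate");
    std::printf("no guard: %d tokens, guard: %d tokens\n",
                tokens_sent(failing, false), tokens_sent(failing, true));
    return 0;
}
```

A challenge that carries a continuation token still passes the guard, so a legitimate multi-round Negotiate exchange is not cut short.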
Fixed with Bug 256949?
yes, sounds like it should be fixed. marking as a duplicate.

priit: can you please verify that this bug has been fixed? please try a recent mozilla nightly trunk build or test with Firefox 1.0rc1. Thanks!

http://ftp.mozilla.org/pub/mozilla.org/mozilla/nightly/latest-trunk/
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0rc1/

*** This bug has been marked as a duplicate of 256949 ***
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Confirmed: 1.8a5 works as expected, thanks guys.