Closed Bug 263428 Opened 20 years ago Closed 20 years ago

Reproducible Crash when entering security information in authentication window as requested by server

Categories

(Core :: Networking: HTTP, defect)

1.7 Branch
x86
FreeBSD
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: paul79, Assigned: darin.moz)

Details

User-Agent:       Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20041007
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20041007

On a web page on our intranet, it's required that all means of communication
is done over secure channels.  This secure channel is done over 3 separate means:

a) SSL to establish the initial connection
b) Standard Username/Password Combination generated by .htaccess or similar.
c) Username/Password then authenticated against radius or ldap server (not sure
which)

Upon entering these credentials, and hitting the button to proceed, mozilla crashes
with SIGSEGV in a strlen() system call.

Reproducible: Always
Steps to Reproduce:
On our intranet:
1. Go to an ssl site: present a list of links.
2. Click on a link (still in ssl at this point), which prompts for a
username/password (note: this isn't html.  this is mozilla generating the
username/password window)
3. Type in username and password information, followed by clicking on the button
to proceed.
4.  CRASH, BOOM, WHACK, SLAM, etc.

Actual Results:  
Resulted in a crash.

Expected Results:  
Expected to get those good ole' docs hidden somewhere in our intranet.

Lucky% ./run-mozilla.sh -g
MOZILLA_FIVE_HOME=.
  LD_LIBRARY_PATH=.:./plugins:/usr/X11R6/lib/browser_plugins:.
DISPLAY=:1.0   
DYLD_LIBRARY_PATH=.:.
     LIBRARY_PATH=.:./components:.
       SHLIB_PATH=.:.
          LIBPATH=.:.
       ADDON_PATH=.
      MOZ_PROGRAM=./mozilla-bin
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=
/usr/bin/gdb ./mozilla-bin -x /tmp/mozargs97293
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"... 
(gdb) r
Starting program: /usr/X11R6/lib/mozilla/mozilla-bin
Type Manifest File: /usr/X11R6/lib/mozilla/components/xpti.dat
+++ JavaScript debugging hooks installed.
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
GFX: dpi=86 t2p=0.0588235 p2t=17 depth=24
++WEBSHELL == 1
++DOMWINDOW == 1
For application/x-java-vm found plugin /usr/local/jdk1.4.2/jre/plugin/i386/ns610
/libjavaplugin_oji.so
LoadPlugin() /usr/local/jdk1.4.2/jre/plugin/i386/ns610/libjavaplugin_oji.so retu
rned 81c57a0
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsPermissionManager.cpp,
line 622
++WEBSHELL == 2
++DOMWINDOW == 2
Note: verifyreflow is disabled
Note: styleverifytree is disabled
Note: frameverifytree is disabled
++WEBSHELL == 3
++DOMWINDOW == 3
Document http://www.mozilla.org/start/ loaded successfully
###!!! ASSERTION: Please remove this from the document properly: '!mDocument', f
ile nsGenericElement.cpp, line 810
Break: at file nsGenericElement.cpp, line 810
###!!! ASSERTION: Please remove this from the document properly: '!mDocument', f
ile nsGenericElement.cpp, line 810
Break: at file nsGenericElement.cpp, line 810
Document https://construct.datapipe.com/ loaded successfully

Program received signal SIGSEGV, Segmentation fault.
0x489c3119 in strlen () from /lib/libc.so.5
(gdb) bt
#0  0x489c3119 in strlen () from /lib/libc.so.5
#1  0xffffffff in ?? ()
#2  0x4a413c9f in LogGssError(unsigned, unsigned, char const*) (
    maj_stat=851968, min_stat=2529639048, prefix=0x0)
    at ../../dist/include/string/nsTSubstring.h:249
#3  0x4a414b9e in nsHttpGssapiAuth::GenerateCredentials(nsIHttpChannel*, char co
nst*, int, unsigned short const*, unsigned short const*, unsigned short const*,
nsISupports**, nsISupports**, char**) (this=0x0, httpChannel=0xd0000,
    challenge=0x1a <Error reading address 0x1a: Bad address>, isProxyAuth=0,
    domain=0x0, username=0x0, password=0x0, sessionState=0xbfbfe1e4,
    continuationState=0x0, creds=0xbfbfe274) at nsHttpGssapiAuth.cpp:375
#4  0x48e5c99d in nsHttpChannel::GenCredsAndSetEntry(nsIHttpAuthenticator*, int,
 char const*, char const*, int, char const*, char const*, char const*, nsHttpAut
hIdentity const&, nsCOMPtr<nsISupports>&, char**) (this=0x88e0c00,
    auth=0x83fa060, proxyAuth=0, scheme=0x0, host=0x0, port=0, directory=0x0,
    realm=0x0, challenge=0xbfbfe4c8 "Negotiate", ident=@0x88e0d14,
    sessionState=@0xbfbfe2a0, result=0xbfbfe274) at nsHttpAuthCache.h:83
#5  0x48e5d2bf in nsHttpChannel::GetCredentialsForChallenge(char const*, char co
nst*, int, nsIHttpAuthenticator*, nsCString&) (this=0x88e0c00,
    challenge=0xbfbfe4c8 "Negotiate", authType=0x0, proxyAuth=0,
    auth=0x83fa060, creds=@0xbfbfe550)
    at ../../../../dist/include/string/nsTString.h:113
#6  0x48e5cdab in nsHttpChannel::GetCredentials(char const*, int, nsCString&) (
    this=0x88e0c00,
    challenges=0x87e3c88 "Negotiate\nNTLM\nBasic realm=\"datapipe-corp.net\"",
    proxyAuth=0, creds=@0xbfbfe550)
    at ../../../../dist/include/string/nsTString.h:113
#7  0x48e5cb41 in nsHttpChannel::ProcessAuthentication(unsigned) (
    this=0x87e3c91, httpStatus=142490760) at nsHttpChannel.cpp:1990
#8  0x48e57a05 in nsHttpChannel::ProcessResponse() (this=0x88e0c00)
    at nsHttpChannel.cpp:714
#9  0x48e628f7 in nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) (
    this=0x88e0c00, request=0x87fb200, ctxt=0x0) at nsHttpChannel.cpp:3462
#10 0x48d985b6 in nsInputStreamPump::OnStateStart() (this=0x87fb200)
    at ../../../dist/include/xpcom/nsCOMPtr.h:710
#11 0x48d984fe in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) (
    this=0x87fb200, stream=0x87fc00c) at nsInputStreamPump.cpp:333
#12 0x48b505de in nsInputStreamReadyEvent::EventHandler(PLEvent*) (plevent=0x0)
    at ../../dist/include/xpcom/nsCOMPtr.h:710
#13 0x48b7201c in PL_HandleEvent (self=0x8866800) at plevent.c:673
#14 0x48b71ed9 in PL_ProcessPendingEvents (self=0x811c7c0) at plevent.c:608
#15 0x48b7502e in nsEventQueueImpl::ProcessPendingEvents() (this=0x811c740)
    at nsEventQueue.cpp:391
#16 0x499d34f5 in event_processor_callback (source=0x8311a00,
    condition=G_IO_IN, data=0xbfbfe050) at nsAppShell.cpp:67
#17 0x487a89f4 in g_io_unix_dispatch () from /usr/local/lib/libglib-2.0.so.400
#18 0x48782d04 in g_main_dispatch () from /usr/local/lib/libglib-2.0.so.400
#19 0x48783c3d in g_main_context_dispatch ()
   from /usr/local/lib/libglib-2.0.so.400
#20 0x4878404c in g_main_context_iterate ()
   from /usr/local/lib/libglib-2.0.so.400
#21 0x48784791 in g_main_loop_run () from /usr/local/lib/libglib-2.0.so.400
#22 0x482c93c0 in gtk_main () from /usr/X11R6/lib/libgtk-x11-2.0.so.400
#23 0x499d3ae6 in nsAppShell::Run() (this=0x8151ce0) at nsAppShell.cpp:142
#24 0x49920c59 in nsAppShellService::Run() (this=0x8151ce0)
    at ../../../dist/include/xpcom/nsCOMPtr.h:710
#25 0x0805882b in main1 (argc=1, argv=0xbfbfeb64, nativeApp=0x0)
    at ../../dist/include/xpcom/nsCOMPtr.h:710
#26 0x08059c68 in main (argc=1, argv=0xbfbfeb64) at nsAppRunner.cpp:1780
#27 0x08053c02 in _start ()

Looks like we pass null for the prefix and then try to strlen() it....

Note that all this code is gone on the trunk as far as I can tell, so this is
branch-only.
Assignee: general → darin
Status: UNCONFIRMED → NEW
Component: Browser-General → Networking: HTTP
Ever confirmed: true
QA Contact: general → core.networking.http
Version: Trunk → 1.7 Branch
this code is gone on the 1.7 branch too... the trunk version of this code was
landed on the 1.7 and aviary 1.0 branches.  so, this will be fixed when 1.7.5 is
released.

see bug 237586
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
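
The null-prefix crash diagnosed in the comments above, as an added C example that is not Mozilla's code: a hypothetical format_gss_error helper (its name, signature and output format are assumptions) normalises a NULL prefix before any string function touches it. It also splits the major status into its RFC 2744 fields, using the maj_stat and min_stat values shown in frame #2 of the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Field layout of a GSS-API major status word (RFC 2744). */
#define CALLING_ERROR(x) (((x) >> 24) & 0xffu)
#define ROUTINE_ERROR(x) (((x) >> 16) & 0xffu)
#define SUPPLEMENTARY(x) ((x) & 0xffffu)

/*
 * Hypothetical logging helper (not the Mozilla function).
 * Writes a one-line description of a GSS error into out.
 * Returns the length snprintf reports (a value >= outlen means the
 * line was truncated), or -1 on invalid arguments.
 */
int format_gss_error(char *out, size_t outlen,
                     unsigned maj_stat, unsigned min_stat,
                     const char *prefix)
{
    if (out == NULL || outlen == 0)
        return -1;

    /* The reported crash: strlen() on prefix == NULL.
     * Treat a missing prefix as empty before using it. */
    if (prefix == NULL)
        prefix = "";
    const char *sep = (*prefix != '\0') ? ": " : "";

    int n = snprintf(out, outlen,
                     "%s%sgss major=0x%08x (calling=%u routine=%u supp=0x%04x) minor=%u",
                     prefix, sep, maj_stat,
                     CALLING_ERROR(maj_stat), ROUTINE_ERROR(maj_stat),
                     SUPPLEMENTARY(maj_stat), min_stat);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[160];
    /* Values taken from frame #2 of the backtrace; prefix is NULL there. */
    format_gss_error(buf, sizeof buf, 851968u, 2529639048u, NULL);
    puts(buf);
    return 0;
}
```

A routine-error field of 13 is GSS_S_FAILURE, so the crash happened while logging an ordinary GSS failure, not while handling an exotic status.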