279138 - Thunderbird crashes when encrypting a message using a PKI Certificate [@ strlen] [@ PK11_FindSMimeProfile]

Status: VERIFIED DUPLICATE of bug 263596

(NSS :: Libraries, defect, P1)

Description

[Simon Woods]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Siemens has had its own PKI issuing infrastructure for several years now and the
most recent certificates are conformant with the new Mail Clients. The problem
is however when I try to send an encrypted mail to someone thunderbird crashes.
This occures in Thunderbird 1.0 (20041206), but I have also observed this in
earlier versions.


Reproducible: Always

Steps to Reproduce:
1. Import Siemens base certificate
2. Import Users public certificate
3. compose mail to user
4. Select Security -> Encrypt this message
5. Send

Actual Results:  
Thunderbird crashes - 

Expected Results:  
Should have encrypted the mail and sent this to the user.

Talkback TB3180519Q

Crashes without warning or response. Talkback agent activated.

Comment 1

[Simon Woods]

Attachment: PKI Certificate of user to send encrypted mail to

This is the public certificate of Daniel Schultz - a collegue who has the new
smart card based Siemens PKI2 certificate.

Comment 2

[Simon Woods]

Attachment: Siemens public root certificate

This is the public root certificate used to issue the users PKI certificate.

Comment 3

[Mike Cowperthwaite]

Maybe dupe of bug 193709?  That hasn't been confirmed yet, but I don't see any 
other 'critical' mail bugs with PK / certificate / S/MIME / secur in the the 
summary.

Comment 4

[Frank Wein [:mcsmurf]]

wfm with a current Mozilla CVS trunk build and a Thawte E-Mail cert (btw: you
can tell your collegue that the two test mails to him are caused by this bug
here ;-)

Comment 5

[Simon Woods]

I have managed to convince the powers that be to provide me with a certificate
(private and public keys) for testing purposes.

Who should I send this to?

My Addresses: Simon.Woods (at) siemens.com or Simon.Woods (at) mch.sbs.de

Comment 6

[Frank Wein [:mcsmurf]]

Ok, i can reproduce this with a current Mozilla build when sending a encrypted
mail with that Siemens cert to a account with a Thawte cert.

Stacktrace:
strlen() line 78
PK11_FindSMimeProfile(PK11SlotInfoStr * * 0x0012afb8, char * 0x00000000,
SECItemStr * 0x04da8e84, SECItemStr * * 0x00000000) line 4055 + 27 bytes
CERT_FindSMimeProfile(CERTCertificateStr * 0x04da8e30) line 918 + 28 bytes
smime_choose_cipher(CERTCertificateStr * 0x00000000, CERTCertificateStr * *
0x05a08d38) line 418 + 15 bytes
NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificateStr * * 0x05a08d38, int *
0x0012b0ac, int * 0x0012b07c) line 556 + 11 bytes
nsCMSMessage::CreateEncrypted(nsCMSMessage * const 0x06a16558, nsIArray *
0x066b0ce0) line 580 + 22 bytes
nsMsgComposeSecure::MimeInitEncryption(int 0x00000000, nsIMsgSendReport *
0x066f3f70) line 651 + 38 bytes
nsMsgComposeSecure::BeginCryptoEncapsulation(nsMsgComposeSecure * const
0x06a69800, nsOutputFileStream * 0x063f9248, const char * 0x06cc4148,
nsIMsgCompFields * 0x0670f7e8, nsIMsgIdentity * 0x04a3bc88, nsIMsgSendReport *
0x066f3f70, int 0x00000000) line 509 + 14 bytes
nsMsgComposeAndSend::BeginCryptoEncapsulation(nsMsgComposeAndSend * const
0x06a333f0) line 1380 + 92 bytes
nsMsgSendPart::Write() line 559 + 38 bytes

NSS devs: If you need the cert for testing, write a mail to the Bug Reporter or
to me, he'll (or i will) send you the cert for testing.

Comment 7

[Frank Wein [:mcsmurf]]

BTW: The Siemens cert contains no e-mail address, so i think that is the cause
of the crash (Subject of the cert only contains three Object Identifiers and O =
Siemens).

Comment 8

[Wan-Teh Chang]

The stack trace clearly shows where the crash occurs.
What's not clear is where to do the null pointer
checking.

Comment 9

[Nelson Bolyard (seldom reads bugmail)]

Is this a dup of bug 263596 which is already fixed in NSS 3.10 for 6 months?

Comment 10

[Frank Wein [:mcsmurf]]

(In reply to comment #9)
> Is this a dup of bug 263596 which is already fixed in NSS 3.10 for 6 months?

Looks like it (i think). So how can we get this fix into current
Mozilla/Thunderbird builds (i know it uses some NSS branch, but which)? 

Comment 11

[Frank Wein [:mcsmurf]]

Ok, it seems NSS_CLIENT_TAG got moved to current NSS tip as it was on 2005/03/15.
wtc: Maybe you want to update
http://www.mozilla.org/projects/security/pki/nss/nss-client-tag.html again, then?
I'll resolve this bug as a dupe as soon as i have compiled&tested that this
patch fixed it.

Comment 12

[Frank Wein [:mcsmurf]]

Reporter: So if you want a build with this problem (Thunderbird crashing) fixed,
download a build from
http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/latest-trunk/.
Attention(!): These builds might be unstable, might cause dataloss (also i never
experienced this and i tested MANY builds) and you might experience unexpected
behavior. If you want a well-tested build, you have to wait for Thunderbird 1.1

*** This bug has been marked as a duplicate of 263596 ***

Comment 13

[Nelson Bolyard (seldom reads bugmail)]

was resolved in NSS 3.10

Comment 14

[Wan-Teh Chang]

Frank:

I just updated the nss-client-tag.html page.  Thanks for
reminding me.

Have you verified that this bug is indeed fixed in the
latest NSS_CLIENT_TAG (NSS 3.10 Beta 1)?

Comment 15

[Frank Wein [:mcsmurf]]

(In reply to comment #14)
> Have you verified that this bug is indeed fixed in the
> latest NSS_CLIENT_TAG (NSS 3.10 Beta 1)?

Yes, i did make -f client.mk checkout (saw many checkouts with security/nss/),
make -f client.mk build and the crasher was gone when sending a encrypted mail
with such a certificate.

Comment 16

[Simon Woods]

I have just confirmed that this is fixed in the last nightly build (22.03.2005).

Thanks for the effort,

Simon