Bug 320349 - Crash on authentication to the proxy server (possibly MS ISA server)
Status: RESOLVED FIXED
Keywords: crash, fixed1.8.0.4, fixed1.8.1
Product: Core
Classification: Components
Component: Networking: HTTP
Version: 1.8 Branch
Platform: x86 Windows 98
Importance: -- critical
Target Milestone: mozilla1.8.1
Assigned To: John Found
: Patrick McManus [:mcmanus]
Mentors:
http://bonsai.mozilla.org/cvsblame.cg...
Duplicates: 321527 330044
Depends on: 237586
Blocks:
Reported: 2005-12-14 23:26 PST by John Found
Modified: 2006-05-22 14:59 PDT
dveditz: blocking1.8.0.4+

Attachments
patch (2.43 KB, patch)
2006-01-01 11:53 PST, :Gavin Sharp [email: gavin@gavinsharp.com]
darin.moz: review+
darin.moz: superreview+
dveditz: approval1.8.0.1-
timr: approval1.8.0.2-
timr: approval1.8.0.4+
dveditz: approval1.8.1+

Description John Found 2005-12-14 23:26:31 PST
User-Agent:       Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
Build Identifier: Mozilla/5.0 

The problem is that when Firefox uses a password-protected proxy, it crashes calling the SECUR32.InitializeSecurityContextA function. Actually, secur32.dll crashes because of bad arguments passed from Firefox.
The call is at address: 8916d1h in Firefox.exe 
The cause of the crash is the 12th argument of the function - pointer to TimeStamp structure. Microsoft states that this argument can be NULL, but Win98 version of secur32.dll crashes when this argument is NULL (maybe only in combination with some of the other arguments)... 
Visibly this bug is fixed in Win2000/XP versions of the .dll, because there Firefox works just fine. 
This crash is not observed in earlier versions of Firefox - 0.9 for example.



Reproducible: Always

Steps to Reproduce:
1. Set proxy to some MS ISA server with password authentication
2. Try to open any web page

Actual Results:  
FIREFOX caused an invalid page fault in
module SECUR32.DLL at 016f:7f8737da.
Registers:
EAX=76fdcee0 CS=016f EIP=7f8737da EFLGS=00010202
EBX=00000000 SS=0177 ESP=00d1f5bc EBP=00d1f640
ECX=00000000 DS=0177 ESI=00090312 FS=12e7
EDX=01c60159 ES=0177 EDI=023ce7a0 GS=2f26
Bytes at CS:EIP:
89 01 8b 45 fc 89 51 04 c7 40 20 01 00 00 00 83 
Stack dump:
023ceeb0 023ceea8 023ceeb0 00000000 00000000 00000000 00000000 023ce7b0 00000030 00000010 00af65c4 00000020 bff7a3a0 00af0000 00af65e4 00000010 

Expected Results:  
Not crashing at least ;)

I looked at the source code and found two files where InitializeSecurityContext is called:

1. mozilla/extensions/auth/nsAuthSSPI.cpp line 246: 

    rc = (sspi->InitializeSecurityContext)(&mCred, 
                                           ctxIn, 
                                           sn, 
                                           ctxReq, 
                                           0, 
                                           SECURITY_NATIVE_DREP, 
                                           inToken ? &ibd : NULL, 
                                           0, 
                                           &mCtxt, 
                                           &obd, 
                                           &ctxAttr, 
                                           NULL); 

I never wrote C++ before, but IMHO it should be: 

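    TimeStamp Dummy;  // SSPI declares this type as TimeStamp; local target for the expiry out-parameter
    rc = (sspi->InitializeSecurityContext)(&mCred,
                                           ctxIn,
                                           sn,
                                           ctxReq,
                                           0,
                                           SECURITY_NATIVE_DREP,
                                           inToken ? &ibd : NULL,
                                           0,
                                           &mCtxt,
                                           &obd,
                                           &ctxAttr,
                                           &Dummy);  // 12th argument: was NULL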
 
2. mozilla/extensions/negotiateauth/nsNegotiateAuthSSPI.cpp line 322: 

The source code is absolutely the same as above (copy&pasted) and the solution too.
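
An added triage sketch, not part of the original report or of Mozilla's code: it decodes the bytes at CS:EIP from the fault dialog above and lists the stores that land near address zero, using the register values captured at the fault. It assumes 32-bit operand and address size; the function names are illustrative.

```python
import re

# Register and code-byte lines copied from the fault dialog in the report.
FAULT = """\
EAX=76fdcee0 CS=016f EIP=7f8737da EFLGS=00010202
EBX=00000000 SS=0177 ESP=00d1f5bc EBP=00d1f640
ECX=00000000 DS=0177 ESI=00090312 FS=12e7
EDX=01c60159 ES=0177 EDI=023ce7a0 GS=2f26
Bytes at CS:EIP:
89 01 8b 45 fc 89 51 04 c7 40 20 01 00 00 00 83
"""
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def parse_fault(text):
    """Return (registers, code bytes at CS:EIP) from the dialog text."""
    head, tail = text.split("Bytes at CS:EIP:", 1)
    regs = {n: int(v, 16) for n, v in re.findall(r"([A-Z]+)=([0-9a-fA-F]+)", head)}
    return regs, bytes.fromhex(tail.split("\n")[1])

def decode_mov(code):
    """Decode MOV r/m32,r32 (0x89, store) or MOV r32,r/m32 (0x8B, load) with a
    plain [reg+disp] operand. Returns (is_store, base, disp, reg, length), or
    None for anything else (other opcodes, SIB, disp32-only, register-direct)."""
    if len(code) < 2 or code[0] not in (0x89, 0x8B):
        return None
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None
    dlen = (0, 1, 4)[mod]
    if len(code) < 2 + dlen:
        return None
    disp = int.from_bytes(code[2:2 + dlen], "little", signed=True)
    return code[0] == 0x89, REG32[rm], disp, REG32[reg], 2 + dlen

def null_stores(text, low_limit=0x1000):
    """List stores from EIP onward whose target address is below low_limit.
    A base register overwritten by an earlier load is treated as unknown."""
    regs, code = parse_fault(text)
    hits, pos, stale = [], 0, set()
    while (ins := decode_mov(code[pos:])) is not None:
        is_store, base, disp, reg, length = ins
        if not is_store:
            stale.add(reg)  # loaded register no longer holds the captured value
        elif base not in stale:
            target = (regs[base] + disp) & 0xFFFFFFFF
            if target < low_limit:
                hits.append((f"mov [{base}{disp:+#x}], {reg}", target))
        pos += length
    return hits
```

On this dump it returns two 4-byte stores through ECX=0, at offsets 0 and 4, which is what writing an 8-byte value such as a TimeStamp through a NULL pointer looks like.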
Comment 1 Adam Guthrie 2005-12-16 12:31:43 PST
John, so it looks like you know how to fix this. What you need to do is make a patch for this from CVS, then request a review on that patch from an appropriate reviewer.
Comment 2 John Found 2005-12-20 03:28:00 PST
(In reply to comment #1)
> John, so it looks like you know how to fix this. What you need to do is make a
> patch for this from CVS, then request a review on that patch from an
> appropriate reviewer.
> 

I am not a C/C++ programmer at all, never worked with CVS and don't have time to learn these things right now. :)
Comment 3 Ty Kelly 2005-12-28 07:31:59 PST
I'm not a programmer. I loaded Firefox 1.5 yesterday. Now when I try to open the "dailygraph" function that I use on the Investor's Business Daily website, Firefox crashes. It has done this several times. Any suggestions?
Comment 4 Adam Guthrie 2005-12-28 17:06:49 PST
(In reply to comment #3)
> I'm not a programmer.  I loaded firefox 1.5 yesterday. Now when I try to open
> the  "dailygraph" function that I use on the Investor's Business daily website
> Firefox crashes.  It has done this several times.   Any suggestions?   

Install talkback, get a talkback ID for the crash. See if the bug's already filed, if not, file a new bug for the crash.

Comment 5 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-01-01 11:53:46 PST
Created attachment 207311
patch

Builds on Windows, VC7.1.
Comment 6 John Found 2006-01-03 05:41:13 PST
(In reply to comment #5)
> Created an attachment (id=207311) [edit]
> patch
> 
> Builds on windows, VC7.1.
> 

Thank you. But don't forget about "mozilla/extensions/negotiateauth/nsNegotiateAuthSSPI.cpp" line 322. There is the same problem.

Regards
Comment 7 timeless 2006-01-03 22:05:28 PST
reporter: that file is dead on trunk, it was moved to the other place...
Comment 8 Darin Fisher 2006-01-04 08:20:08 PST
Comment on attachment 207311
patch

We should get this in for FF 2 for sure, but it might also be a good one for a minor update to FF 1.5
Comment 9 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-01-04 08:24:07 PST
Checked in on the trunk. Thanks for filing this, John!

mozilla/extensions/auth/nsAuthSSPI.cpp; new revision: 1.6; previous revision: 1.5
Comment 10 Daniel Veditz [:dveditz] 2006-01-05 12:48:01 PST
Comment on attachment 207311
patch

Might consider for 1.8.0.2 after more baking
Comment 11 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-01-05 12:56:36 PST
Landed on the 1.8 branch (for Firefox 2).
mozilla/extensions/auth/nsAuthSSPI.cpp; new revision: 1.4.2.2;
Comment 12 Darin Fisher 2006-03-10 11:23:31 PST
Comment on attachment 207311
patch

OK, please consider this for 1.8.0.2.  See bug 330044.
Comment 13 Tim Riley [:timr] 2006-03-13 11:46:49 PST
Comment on attachment 207311
patch

We don't want to re-spin bits.  "-" for 1.8.0.2,  "?" for 1.8.0.3.  This should be a no brainer for 1.8.0.3.
Comment 14 Darin Fisher 2006-03-30 14:25:23 PST
*** Bug 330044 has been marked as a duplicate of this bug. ***
Comment 15 Darin Fisher 2006-03-30 14:26:20 PST
This is a trivial fix, that we should not pass over for 1.8.0.3
Comment 16 Tim Riley [:timr] 2006-04-12 11:27:46 PDT
Comment on attachment 207311
patch

a=timr.  crasher.  now baked. Land it!
Comment 17 Ian Neal 2006-04-26 14:40:22 PDT
Yes please, land this on 1.8.0.x as we need this for SM1.0.2 - thanks
Comment 18 Ian Neal 2006-04-26 14:48:32 PDT
*** Bug 321527 has been marked as a duplicate of this bug. ***
Comment 19 Daniel Veditz [:dveditz] 2006-04-28 12:03:25 PDT
Reopening to reassign to gavin (who checked in to other branches).
Comment 20 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-04-28 12:48:29 PDT
mozilla/extensions/auth/nsAuthSSPI.cpp 	1.4.2.1.4.4
Comment 21 Colin Ogilvie [:cso] 2006-04-28 13:42:38 PDT
I'm now confused...

Is this fixed in 1.8.0.3, which should be the next release, or fixed in 1.8.0.4?

I can see approval1.8.0.3 being set on the attachment in the View Bug Activity table, but it's not set on the bug or attachment on show_bug.cgi, and I can't see it being removed in the table.
Comment 22 Christian :Biesinger (don't email me, ping me on IRC) 2006-04-28 14:17:56 PDT
1.8.0.3 is special... it has just a single patch or so. what was planned to be 1.8.0.3 is now renamed to 1.8.0.4, so this is fixed only in .4.
Comment 23 juan becerra [:juanb] 2006-05-22 14:59:04 PDT
John, could you verify this fix with one of the release candidates (1.5.0.4) that can be found here:

http://stage.mozilla.org/pub/mozilla.org/firefox/nightly/1.5.0.4-candidates/rc3/

I don't have a proxy I can specify to verify the fix.
