Closed
Bug 403698
Opened 17 years ago
Closed 17 years ago
Crash with certs from certificates.starfieldtech.com
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 403685
3.12
People
(Reporter: KaiE, Unassigned)
References
()
Details
(Keywords: crash, Whiteboard: PKIX)
I was playing with PKIX_VerifyCert, and was attempting to verify the policy OID listed in that server cert. From some earlier testing, I was expecting the cert to chain up to a root with subject/issuer: "OU=Starfield Class 2 Certification Authority,O=\"Starfield Technologies, Inc.\",C=US" When using PSM's view-pageinfo and view-page-cert, which are based on the classic NSS calls, it still lists that cert as the issuer. However, libpkix based verification (which succeeds) finds a different root issuer: A cert from Valicert. The trouble is, I get a crash when playing with these certs. Steps to reproduce the crash: - go to https://certificates.starfieldtech.com/images/trust_logo.gif - view page info, view cert, details, close, close - open cert manager, authorities tab, scroll to valicert - click on the valicert cert that is stored in the soft device - view, details, close, close - try again to view cert - crash The place of the crash is random. Once I crash in CERT_GetOrgName, another time I crashed in CERT_GetAVATag
Comment 1•17 years ago
|
||
Kai, the fact that the old code and the new code will build chains up to different roots is expected. It's why the approach of first testing the chain with the old code, then testing it again for EV with the new code is doomed.
Reporter | ||
Comment 2•17 years ago
|
||
I know :-) And now we have a test case. The difference in root cert lookup is not the point of this bug, it's just a detail of our current behavior. The point of this bug is the crash.
Comment 3•17 years ago
|
||
Yay for having a test case! :)
Comment 4•17 years ago
|
||
In reply to comment 0: > Once I crash in CERT_GetOrgName, another time I crashed in CERT_GetAVATag The code in the functions named above is very old NSS code. It is called both directly by applications, and may also be called from within libPKIX. But a failure in those functions would not suggest to me a libPKIX problem. (Neither does it eliminate libPKIX as a possible cause). I suspect that the value of the CERTName pointer being passed to these functions is bogus, causing those functions to rely on invalid pointers. Considering the sequence of steps to reproduce, I suspect that the data to which the CERTName pointer points has been freed.
Updated•17 years ago
|
Whiteboard: PKIX
Target Milestone: --- → 3.12
Reporter | ||
Comment 5•17 years ago
|
||
By applying the patch in bug 483685, this testcase no longer crashes! I'm therefore resolving this as a duplicate.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•