Closed Bug 423475 Opened 17 years ago Closed 17 years ago

Paypal crashes loading main site [@ cert_pkixSetParam]

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9beta5

People

(Reporter: jmjjeffery, Assigned: KaiE)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Patch v1
1.93 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
With today's build, www.paypal.com crashes as soon as the site is accessed. Suspect bug 406755 as the cause. Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5pre) Gecko/2008031705 Minefield/3.0b5pre Firefox/3.0 Firefox/2.0.0.12 ID:2008031705 Vista HP Was noted in the build forums today: http://forums.mozillazine.org/viewtopic.php?p=3298643#3298643 Breakpad reports have been sent according to the forum, but I don't have the report numbers.
Keywords: regression
Flags: blocking-firefox3?
Keywords: crash
No crash: 20080316_0318_firefox-3.0b5pre.en-US.win32 Crash: 20080316_0720_firefox-3.0b5pre.en-US.win32 Checkins to module PhoenixTinderbox between 2008-03-16 03:18 and 2008-03-16 07:19 : http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&date=explicit&mindate=1205662680&maxdate=1205677199 bug 406755 or bug 420151.
JohnathanS on IRC has BP report: http://crash-stats.mozilla.com/report/index/6e19c123-f447-11dc-842d-001a4bd43ed6 Points to NSS problem, so more likely 420151
I think I found the bug. Simple copy&paste bug. :-/ Code added with bug 406755: rev.leafTests.number_of_defined_methods = cert_revocation_method_ocsp +1; rev.leafTests.cert_rev_flags_per_method = methodFlags; rev.leafTests.number_of_preferred_methods = 1; rev.leafTests.preferred_methods = preferedRevMethods; rev.leafTests.cert_rev_method_independent_flags = revMethodIndependentFlags; rev.chainTests.number_of_defined_methods = cert_revocation_method_ocsp +1; ## rev.leafTests.cert_rev_flags_per_method = methodFlags; rev.chainTests.number_of_preferred_methods = 1; rev.chainTests.preferred_methods = preferedRevMethods; rev.chainTests.cert_rev_method_independent_flags = revMethodIndependentFlags; The line marked with ## sets leafTests, bug it should set chainTests, leaving this pointer uninitialized. We crash because we access random memory.
Note that I didn't crash in debug builds, that's why I didn't notice this bug. So, after I had applied my fix, I no longer crashed, however, I no longer got EV UI on paypal's site either. The reason is, the revocation checking flags I'm using are too strict. We must drop CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO, which is currently being used for each attempted method. But we already have the method independent flag CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE, which is sufficient. Attaching patch now.
Attached patch Patch v1Splinter Review
Attachment #310026 - Flags: review?(rrelyea)
Comment on attachment 310026 [details] [diff] [review] Patch v1 r+ Those are the right bits.
Attachment #310026 - Flags: review?(rrelyea) → review+
Attachment #310026 - Flags: approval1.9?
Assignee: nobody → dveditz
Flags: blocking-firefox3?
Product: Firefox → Core
QA Contact: firefox → toolkit
Assignee: dveditz → kengert
Component: Security → Security: PSM
Flags: blocking1.9+
Priority: -- → P1
QA Contact: toolkit → psm
Comment on attachment 310026 [details] [diff] [review] Patch v1 Blocker now, you're cleared to land.
Attachment #310026 - Flags: approval1.9?
Status: NEW → ASSIGNED
OS: Windows Vista → All
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta5
fix checked in, thanks.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
paypal is still crashing, but now it makes the main page fine but crashes when you hit log in. Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5pre) Gecko/2008031710 Minefield/3.0b5pre
(In reply to comment #9) > paypal is still crashing, but now it makes the main page fine but crashes when > you hit log in. > > Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5pre) Gecko/2008031710 > Minefield/3.0b5pre WFM on Mac trunk - perhaps this is a different issue? Is it the same crash stack?
Karl, I checked in at 2008-03-17 11:42 Your build ID says 2008031710, which sounds like today 10 o'clock? Are you sure your build picked up my fix?
yeah, he's using a build w/o the patch
Oh god, I am so sorry. I downloaded the hourly from tinderbox, but I somehow seem to have picked up the wrong build :S Just tested with a fresh download and all is well. Apologies.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008031712 Minefield/3.0b5pre ID:2008031712 no crash on paypal or it's login page here
Please get a test in for this. If our infrastructure doesn't support it, file bugs on whatever would need to happen so we could test this?
Flags: in-testsuite?
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b5pre) Gecko/2008031804 Minefield/3.0b5pre as well as the Windows XP nightly.
Status: RESOLVED → VERIFIED
(In reply to comment #16) > Please get a test in for this. If our infrastructure doesn't support it, file > bugs on whatever would need to happen so we could test this? Verifying that we can successfully load a secure EV page (like https://www.paypal.com/) would be a good test.
Summary: Paypal crashes loading main site → Paypal crashes loading main site [@ cert_pkixSetParam]
Crash Signature: [@ cert_pkixSetParam]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: