Closed Bug 456945 Opened 12 years ago Closed 11 years ago

EV failure, off by one error

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

VERIFIED FIXED
mozilla1.9.1b2

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Keywords: regression, verified1.9.0.4)

Attachments

(4 files)

When using Firefox on PowerPC hardware, the EV feature never works. 
We don't get the green identity UI on https://www.paypal.com but only the plain DV UI.

This is caused by an off-by-one error in a C data structure, the bug was introduced with the patch from bug 406755.

The array has room for 3 elements, but we store 4 into it.
Flags: blocking1.9.0.3?
Attachment #340307 - Flags: review?(rrelyea)
Flags: blocking1.9.0.3? → blocking1.9.0.4?
Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

r+ how did we miss that?

Perhaps an assert(cvin - &cvin(max) >= sizeof(cvin)/sizeof(cvin[0]))
;)

Of course this implies you need to update max when you add a new argument as well.

bob
Attachment #340307 - Flags: review?(rrelyea) → review+
Why does this "depend on" the fixed bug 406755? Is there more to be done there?
Flags: blocking1.9.0.4? → blocking1.9.0.4+
Keywords: checkin-needed
(In reply to comment #3)
> Why does this "depend on" the fixed bug 406755?

Because that bug introduced this bug.


> Is there more to be done there?

No
Attachment #340307 - Flags: approval1.9.0.4?
ah, ok. Our convention has been that this "blocks" the regressing bug rather than "depends on", since a _real_ fix for the older bug will have to include this one. One of these days we're promised a separate regression-tracking field.
Blocks: 406755
No longer depends on: 406755
Keywords: regression
Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

Approved for 1.9.0.4, a=dveditz for release-drivers
Attachment #340307 - Flags: approval1.9.0.4? → approval1.9.0.4+
Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

http://hg.mozilla.org/mozilla-central/rev/776e27d91733
Attachment #340307 - Attachment description: Patch v1 → Patch v1 [Checkin: Comment 7]
Status: NEW → RESOLVED
Closed: 11 years ago
Hardware: PC → All
Resolution: --- → FIXED
Whiteboard: [c-n: 1.9.0 branch]
Target Milestone: --- → mozilla1.9.1b2
Version: 1.9.0 Branch → Trunk
CVS HEAD:

Checking in security/manager/ssl/src/nsIdentityChecking.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp,v  <--  nsIdentityChecking.cpp
new revision: 1.24; previous revision: 1.23
done
Whiteboard: [c-n: 1.9.0 branch]
This bug does not seem reproducible on 3.0.1.  The Green EV indication in the URL bar appears as expected.  User Agent is:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1
I can't repro this on 3.0.3 either.  The green EV cert indication is present here.  User agent string:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.3) Gecko/2008092414 Firefox/3.0.3
Worked as expected in 3.0.4pre after the fix.  But I was not able to repro the failure in a previous version.  My user agent string for 3.0.4pre is:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.4pre) Gecko/2008102704 GranParadiso/3.0.4pre
I think this needs to be verified on a Linux PPC machine. Kaie?

fwiw, I can't reproduce using Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.3) Gecko/2008092414 Firefox/3.0.3

(Note: 10.4 instead of 10.5 which Tim was testing.)
A colleague at Red Hat had reproduced the failure on a Linux PPC machine, and had verified that the patch attached to this bug fixed the issue. (I don't have an environment either.)
Status: RESOLVED → VERIFIED
Marking this as verified for 1.9.0.4. I don't think we're going to get much further here.
You need to log in before you can comment on or make changes to this bug.