456945 - EV failure, off by one error

Status: VERIFIED FIXED

(Core :: Security: PSM, defect)

Description

[Kai Engert (:KaiE:)]

When using Firefox on PowerPC hardware, the EV feature never works. 
We don't get the green identity UI on https://www.paypal.com but only the plain DV UI.

This is caused by an off-by-one error in a C data structure, the bug was introduced with the patch from bug 406755.

The array has room for 3 elements, but we store 4 into it.

Comment 1

[Kai Engert (:KaiE:)]

Attachment: Patch v1 [Checkin: Comment 7]

Comment 2

[Robert Relyea]

Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

r+ how did we miss that?

Perhaps an assert(cvin - &cvin(max) >= sizeof(cvin)/sizeof(cvin[0]))
;)

Of course this implies you need to update max when you add a new argument as well.

bob

Comment 3

[Daniel Veditz [:dveditz]]

Why does this "depend on" the fixed bug 406755? Is there more to be done there?

Comment 4

[Kai Engert (:KaiE:)]

(In reply to comment #3)
> Why does this "depend on" the fixed bug 406755?

Because that bug introduced this bug.


> Is there more to be done there?

No

Comment 5

[Daniel Veditz [:dveditz]]

ah, ok. Our convention has been that this "blocks" the regressing bug rather than "depends on", since a _real_ fix for the older bug will have to include this one. One of these days we're promised a separate regression-tracking field.

Comment 6

[Daniel Veditz [:dveditz]]

Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

Approved for 1.9.0.4, a=dveditz for release-drivers

Comment 7

[Serge Gautherie (:sgautherie)]

Comment on attachment 340307 [details] [diff] [review]
Patch v1
[Checkin: Comment 7]

http://hg.mozilla.org/mozilla-central/rev/776e27d91733

Comment 8

[Reed Loden [:reed]]

CVS HEAD:

Checking in security/manager/ssl/src/nsIdentityChecking.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp,v  <--  nsIdentityChecking.cpp
new revision: 1.24; previous revision: 1.23
done

Comment 9

[Tim Riley [:timr]]

Attachment: Snap of Paypal Site on FFx 3.0.1

This bug does not seem reproducible on 3.0.1.  The Green EV indication in the URL bar appears as expected.  User Agent is:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1

Comment 10

[Tim Riley [:timr]]

Attachment: Snap of Paypal Site on FFx 3.0.3

I can't repro this on 3.0.3 either.  The green EV cert indication is present here.  User agent string:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.3) Gecko/2008092414 Firefox/3.0.3

Comment 11

[Tim Riley [:timr]]

Attachment: Snap of Paypal Site on FFx 3.0.4pre Oct 26, 2008

Worked as expected in 3.0.4pre after the fix.  But I was not able to repro the failure in a previous version.  My user agent string for 3.0.4pre is:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.0.4pre) Gecko/2008102704 GranParadiso/3.0.4pre

Comment 12

[Samuel Sidler (old account; do not CC)]

I think this needs to be verified on a Linux PPC machine. Kaie?

fwiw, I can't reproduce using Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.3) Gecko/2008092414 Firefox/3.0.3

(Note: 10.4 instead of 10.5 which Tim was testing.)

Comment 13

[Kai Engert (:KaiE:)]

A colleague at Red Hat had reproduced the failure on a Linux PPC machine, and had verified that the patch attached to this bug fixed the issue. (I don't have an environment either.)

Comment 14

[Al Billings [:abillings - ex-MoCo]]

Marking this as verified for 1.9.0.4. I don't think we're going to get much further here.