Bug 672594
Opened 13 years ago
Closed 8 years ago
Firefox Crash [@ ssl3_HandleCertificate ]
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash)
Crash Data
This is showing on the explosive crash report as having significantly increased in 5.0 and 5.0.1 - https://crash-stats.mozilla.com/report/list?signature=ssl3_HandleCertificate. Explosive crash report is here: http://test.kairo.at/socorro/2011-07-18.firefox.5.explosiveness.html
https://crash-stats.mozilla.com/report/index/cb056648-f02c-4205-8f26-256b92110719
Frame Module Signature Source
0 ssl3.dll ssl3_HandleCertificate security/nss/lib/ssl/ssl3con.c:7937
1 ssl3.dll ssl3_HandleHandshakeMessage security/nss/lib/ssl/ssl3con.c:8603
2 ssl3.dll ssl3_HandleHandshake security/nss/lib/ssl/ssl3con.c:8727
3 ssl3.dll ssl3_HandleRecord security/nss/lib/ssl/ssl3con.c:9066
4 ssl3.dll ssl3_GatherCompleteHandshake security/nss/lib/ssl/ssl3gthr.c:209
5 ssl3.dll ssl_GatherRecord1stHandshake security/nss/lib/ssl/sslcon.c:1258
6 ssl3.dll ssl_Do1stHandshake security/nss/lib/ssl/sslsecur.c:151
7 ssl3.dll ssl_SecureSend security/nss/lib/ssl/sslsecur.c:1213
8 ssl3.dll ssl_SecureWrite security/nss/lib/ssl/sslsecur.c:1258
9 ssl3.dll ssl_Write security/nss/lib/ssl/sslsock.c:1652
10 xul.dll nsSSLThread::Run
11 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:426
12 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:122
13 mozcrt19.dll _callthreadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:348
14 mozcrt19.dll __dllonexit obj-firefox/memory/jemalloc/crtsrc/onexit.c:276
15 mozcrt19.dll _threadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:326
16 kernel32.dll GetCodePageFileInfo
Comment 1•13 years ago (Reporter)
chofmann suggested adding Kai and mrz in case this has something to do with a certificate.
Comment 2•13 years ago
Correlations:
100% (641/642) vs. 1% (710/107977) spdg.dll
This somehow sounds similar to bug 627716 - there we seemed to assume that spdg.dll is malware, but still, crashing in certificate stuff always makes me worry. Should we blocklist that DLL? Is there something in our code that's wrong?
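How a correlation line like the one quoted in comment 2 can be derived from raw crash reports, as an added example that is not part of the original bug and not the crash-stats service's own code. The report tuples are constructed to reproduce the quoted counts, and reading the right-hand ratio as "all crashes in the comparison set" is an assumption about the report format.

```python
from collections import Counter

SIG = "ssl3_HandleCertificate"

def constructed_reports():
    """Constructed sample: (signature, loaded modules) per crash report,
    sized to reproduce the counts quoted in comment 2."""
    base = {"xul.dll", "ssl3.dll", "nspr4.dll"}
    reports = [(SIG, base | {"SPDG.dll"})] * 641      # signature + module
    reports += [(SIG, base)]                           # signature, no module
    reports += [("OtherSignature", base | {"spdg.dll"})] * 69
    reports += [("OtherSignature", base)] * (107977 - 642 - 69)
    return reports

def module_correlations(reports, signature):
    """Rank modules by how much more often they are loaded in crashes with
    `signature` than in the whole comparison set."""
    sig_total = all_total = 0
    sig_hits, all_hits = Counter(), Counter()
    for sig, modules in reports:
        mods = {m.lower() for m in modules}  # Windows module names: case-insensitive
        all_total += 1
        all_hits.update(mods)
        if sig == signature:
            sig_total += 1
            sig_hits.update(mods)
    if sig_total == 0:
        return []                            # signature absent: nothing to rank
    rows = []
    for mod, hits in sig_hits.items():
        delta = hits / sig_total - all_hits[mod] / all_total
        rows.append((delta, mod, hits, sig_total, all_hits[mod], all_total))
    return sorted(rows, reverse=True)

def format_row(row):
    """Render one row in the layout used in comment 2."""
    _, mod, sh, st, ah, at = row
    return f"{round(100 * sh / st)}% ({sh}/{st}) vs. {round(100 * ah / at)}% ({ah}/{at}) {mod}"

if __name__ == "__main__":
    for row in module_correlations(constructed_reports(), SIG)[:3]:
        print(format_row(row))
```

Modules that every process loads (xul.dll, ssl3.dll) score a difference of zero and sink to the bottom, which is why a third-party DLL present in nearly all crashes for one signature stands out.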
Comment 3•13 years ago
I assume the source code locations refer to Firefox 5, which uses NSS 3.12.9.
The crashing line security/nss/lib/ssl/ssl3con.c:7937
is this code:
    cert = ss->sec.peerCert;
    if (!isServer &&
        ssl3_global_policy_some_restricted &&
        ss->ssl3.policy == SSL_ALLOWED &&
        anyRestrictedEnabled(ss) &&
        SECSuccess == CERT_VerifyCertNow(cert->dbhandle, cert,
                                         PR_FALSE, /* checkSig */
                                         certUsageSSLServerWithStepUp,
                                 /*XXX*/ ss->authCertificateArg) ) {
(It's funny the crashing line is marked XXX in the code...)
I think the crash cannot be related to dereferencing ss->
because if ss were null, it would have crashed earlier in this function.
Maybe cert is null, maybe the handshake we received contained bad data, and we fail to construct a cert object. However, the code attempts to deal with that scenario, and would abort prior to this line of code.
Most of ssl3_HandleCertificate and ssl3_ConsumeHandshakeNumber hasn't changed in years, according to CVS blame.
Updated•13 years ago
Version: 3.0 → 3.12.9
Comment 4•13 years ago
I agree with Kai's analysis. I don't see any potential null pointer dereference
by code inspection.
Updated•13 years ago
Crash Signature: [@ ssl3_HandleCertificate ] → ssl_Write | nsSSLThread::Run] [@ ssl3_HandleCertificate ]
[@ ssl3_HandleCertificate | ssl3_HandleHandshakeMessage | ssl3_HandleHandshake | ssl3_HandleRecord | ssl3_GatherCompleteHandshake | ssl_GatherRecord1stHandshake | ssl_Do1stHandshake | ssl_SecureSe…
Comment 5•8 years ago
I'm marking this bug as WORKSFORME, as this bug's crash log signature hasn't appeared for a long time (over half a year) in Firefox (except in some obsolete Fx <46).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME