Closed Bug 678547 Opened 13 years ago Closed 13 years ago

Firefox 8.0a1 crashes [@ nsHandleSSLError ] if security.OCSP.require is true

Categories

(Core :: Security: PSM, defect)

8 Branch
defect
Not set
critical

RESOLVED DUPLICATE of bug 678440

People

(Reporter: fc.linuxuser, Assigned: luke)

Details

(Keywords: crash, regression)

Attachments

(1 obsolete file)

User Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0a1) Gecko/20110812 Firefox/8.0a1
Build ID: 20110812030744

Steps to reproduce:
I was restarting nightly to install the daily update

Actual results:
Nightly crashed and the crash report window came up

The browser didn't crash again after setting security.OCSP.require to false (by editing ~/.mozilla/firefox<profile>/prefs.js)
Crash Signature: https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 6969521108…
Moving Report IDs off Crash Signature and putting the crash signature there instead. bp-f4f30de3-ef62-4a58-9016-c30fa2110812 bp-fa7c9e56-3338-4b0e-aca8-916d12110812 bp-29124a97-1f64-45e9-987c-696952110812
Crash Signature: https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 696952… → [@ nsHandleSSLError ]
Severity: normal → critical
Component: General → Security: PSM
Keywords: crash
Product: Firefox → Core
QA Contact: general → psm
Confirming as I can reproduce this starting with today's nightly with security.OCSP.require set to true on Mac OS X 10.6.8:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1) Gecko/20110812 Firefox/8.0a1
Likely caused by changeset http://hg.mozilla.org/mozilla-central/rev/0cf822d12c64 from bug 674571
Blocks: 674571
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Judging by the crash address (http://hg.mozilla.org/mozilla-central/annotate/f262c389193e/security/manager/ssl/src/nsNSSIOLayer.cpp#l1439), which is immediately after a NS_GetProxyForObject, I think the cause is the next cset http://hg.mozilla.org/mozilla-central/rev/be91fb29d950 which explicitly aborts. It would seem that OCSP.require lacks automated tests, since this would have been caught and fixed earlier.
I can't reproduce by setting OCSP.require to true. Is there a particular startup page that is causing this? This could also be caused by a plugin writing wrapped JS for certain NSS interfaces; could you test whether the crash reproduces with all extensions disabled?
Blocks: 674597
No longer blocks: 674571
(In reply to Luke Wagner [:luke] from comment #5)
> I can't reproduce by setting OCSP.require to true. Is there a particular
> startup page that is causing this?

I'm working on STR

> This could also be caused by a plugin
> writing wrapped JS for certain NSS interfaces; could you test whether the
> crash reproduces with all extensions disabled?

I could reproduce it in safe-mode: https://crash-stats.mozilla.com/report/index/bp-2d5cbd37-8ce8-402b-8f64-7c1fa2110812
Great. comment 4 fingered the offending code, I'll write a patch to convert the bad proxy use to a plain old runnable.
(In reply to Matthew N. [:MattN] from comment #6)
> (In reply to Luke Wagner [:luke] from comment #5)
> > I can't reproduce by setting OCSP.require to true. Is there a particular
> > startup page that is causing this?
>
> I'm working on STR

I can't seem to reproduce this anymore after setting the pref back to true. Perhaps the OCSP server is responding properly now so the error code path is not getting executed.
Attached patch fix (obsolete) — Splinter Review
This patch removes the offending NS_GetProxyForObject calls which caused the abort.
Assignee: nobody → luke
Status: NEW → ASSIGNED
Attachment #552824 - Flags: review?
Keywords: regression
Comment on attachment 552824: fix
Kai: please review or pass on to bsmith if you're too busy. This crash needs to be fixed if we want to require OCSP responses (especially for all the people who currently have that enabled in the aftermath of #comodogate).
Attachment #552824 - Flags: review? → review?(kaie)
Comment on attachment 552824: fix
The assert has been backed out (5f0596a0b81e) which should be in the latest nightly.
Attachment #552824 - Attachment is obsolete: true
Attachment #552824 - Flags: review?(kaie)
Crashes have dropped to 0.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
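
The workaround in the original report leaves a profile without OCSP hard-fail until security.OCSP.require is set back to true. The following is an added example, not code from this bug or from Mozilla, that parses a profile's prefs.js and reports which OCSP mode it ends up in. The pref security.OCSP.enabled and the defaults used for missing entries are assumptions not stated on this page, and both sample files are constructed.

```python
import re

# prefs.js stores one user_pref("name", value); call per line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)"\s*,\s*(.*?)\s*\);\s*$')

# Assumed built-in defaults, used when prefs.js has no entry for a pref.
DEFAULTS = {"security.OCSP.enabled": 1, "security.OCSP.require": False}


def parse_prefs(text):
    """Return {name: value} for the user_pref() lines in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line or anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def ocsp_mode(prefs):
    """Classify OCSP handling as 'disabled', 'soft-fail' or 'hard-fail'."""
    enabled = prefs.get("security.OCSP.enabled", DEFAULTS["security.OCSP.enabled"])
    require = prefs.get("security.OCSP.require", DEFAULTS["security.OCSP.require"])
    if enabled == 0:
        return "disabled"
    return "hard-fail" if require is True else "soft-fail"


# Constructed sample: a profile left on the workaround from this report.
WORKAROUND_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.OCSP.require", false);
'''

# Constructed sample: the same profile with hard-fail restored.
RESTORED_PREFS = WORKAROUND_PREFS.replace("false", "true")

if __name__ == "__main__":
    for label, text in (("workaround", WORKAROUND_PREFS), ("restored", RESTORED_PREFS)):
        print(label, ocsp_mode(parse_prefs(text)))
```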