Firefox 8.0a1 crashes [@ nsHandleSSLError ] if security.OCSP.require is true

RESOLVED DUPLICATE of bug 678440

Status

()

--
critical
RESOLVED DUPLICATE of bug 678440
7 years ago
7 years ago

People

(Reporter: fc.linuxuser, Assigned: luke)

Tracking

({crash, regression})

8 Branch
crash, regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 obsolete attachment)

(Reporter)

Description

7 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0a1) Gecko/20110812 Firefox/8.0a1
Build ID: 20110812030744

Steps to reproduce:

I was restarting nightly to install the daily update


Actual results:

Nightly crashed and the crash report window came up
(Reporter)

Comment 1

7 years ago
The browser didn't crash again after setting security.OCSP.require to false ( by editing ~/.mozilla/firefox<profile>/prefs.js )
Crash Signature: https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 6969521108…
(Reporter)

Updated

7 years ago
Crash Signature: https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 6969521108… → https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 696952…

Comment 2

7 years ago
Moving Report IDs off Crash Signature and putting the crash signature there instead.

bp-f4f30de3-ef62-4a58-9016-c30fa2110812
bp-fa7c9e56-3338-4b0e-aca8-916d12110812
bp-29124a97-1f64-45e9-987c-696952110812
Crash Signature: https://crash-stats.mozilla.com/report/index/bp-f4f30de3-ef62-4a58-9016-c30fa2110812 https://crash-stats.mozilla.com/report/index/bp-fa7c9e56-3338-4b0e-aca8-916d12110812 https://crash-stats.mozilla.com/report/index/bp-29124a97-1f64-45e9-987c- 696952… → [@ nsHandleSSLError ]
Severity: normal → critical
Component: General → Security: PSM
Keywords: crash
Product: Firefox → Core
QA Contact: general → psm
Confirming as I can reproduce this starting with today's nightly with security.OCSP.require set to true on Mac OS X 10.6.8:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1) Gecko/20110812 Firefox/8.0a1

Likely caused by changeset http://hg.mozilla.org/mozilla-central/rev/0cf822d12c64 from bug 674571
Blocks: 674571
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
(Assignee)

Comment 4

7 years ago
Judging by the crash address (http://hg.mozilla.org/mozilla-central/annotate/f262c389193e/security/manager/ssl/src/nsNSSIOLayer.cpp#l1439), which is immediately after a NS_GetProxyForObject, I think the cause is the next cset http://hg.mozilla.org/mozilla-central/rev/be91fb29d950 which explictly aborts.

It would seem that OCSCP.require lacks automated tests, since this would have been caught and fixed earlier.
(Assignee)

Comment 5

7 years ago
I can't reproduce by setting OCSP.require to true.  Is there a particular startup page that is causing this?  This could also be caused by a plugin writing wrapped JS for certain NSS interfaces; could you test whether the crash reproduces with all extensions disabled?
Blocks: 674597
No longer blocks: 674571
(In reply to Luke Wagner [:luke] from comment #5)
> I can't reproduce by setting OCSP.require to true.  Is there a particular
> startup page that is causing this?  

I'm working on STR

> This could also be caused by a plugin
> writing wrapped JS for certain NSS interfaces; could you test whether the
> crash reproduces with all extensions disabled?

I could reproduce it in safe-mode: https://crash-stats.mozilla.com/report/index/bp-2d5cbd37-8ce8-402b-8f64-7c1fa2110812
(Assignee)

Comment 7

7 years ago
Great.  comment 4 fingered the offending code, I'll write a patch to convert the bad proxy use to a plain old runnable.
(In reply to Matthew N. [:MattN] from comment #6)
> (In reply to Luke Wagner [:luke] from comment #5)
> > I can't reproduce by setting OCSP.require to true.  Is there a particular
> > startup page that is causing this?  
> 
> I'm working on STR

I can't seem to reproduce this anymore after setting the pref back to true.  Perhaps the OCSP server is responding properly now so the error code path is not getting executed.
(Assignee)

Comment 9

7 years ago
Created attachment 552824 [details] [diff] [review]
fix

This patch removes the offending NS_GetProxyForObject calls which caused the abort.
Assignee: nobody → luke
Status: NEW → ASSIGNED
Attachment #552824 - Flags: review?
Keywords: regression
Comment on attachment 552824 [details] [diff] [review]
fix

Kai: please review or pass on to bsmith if you're too busy. This crash needs to be fixed if we want to require OCSP responses (especially for all the people who currently have that enabled in the aftermath of #comodogate).
Attachment #552824 - Flags: review? → review?(kaie)
(Assignee)

Comment 11

7 years ago
Comment on attachment 552824 [details] [diff] [review]
fix

The assert has been backed out (5f0596a0b81e) which should be in the latest nightly.
Attachment #552824 - Attachment is obsolete: true
Attachment #552824 - Flags: review?(kaie)
(Assignee)

Comment 12

7 years ago
Crashes have dropped to 0.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 678440
You need to log in before you can comment on or make changes to this bug.