Open Bug 816488 Opened 13 years ago Updated 2 years ago

bogus error code from NSS_Shutdown

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Version:
3.13.6
Type:
defect

Tracking

(Not tracked)

People

(Reporter: jdennis, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0 Build ID: 20121119145849 Steps to reproduce: There is a bug in the error handling logic in nss_Shutdown() which causes a bogus error code to be returned due to the following sequence of steps in nss_Shutdown(): ... status = STAN_Shutdown(); ... nss_DestroyErrorStack(); nssArena_Shutdown(); if (status == PR_FAILURE) { if (NSS_GetError() == NSS_ERROR_BUSY) { PORT_SetError(SEC_ERROR_BUSY); } shutdownRV = SECFailure; } Note that NSS_GetError() is called *after* nss_DestroyErrorStack()! When NSS_GetError() is called error_get_my_stack() is invoked but because the thread local stack was destroyed it happily recreates a brand new error stack with no errors, as result NSS_GetError() returns 0. This then causes a failure to set the correct error code via PORT_SetError(). NSS_Shutdown() returns SECFailure and the caller of NSS_Shutdown() then invokes PORT_GetError() which then returns a completely bogus error code from the dim past (because errors are never cleared). Actual results: PR_GetError() returned -8157 after NSS_Shutdown() returned SECFailure. Error code -8157 is SEC_ERROR_EXTENSION_NOT_FOUND and was set by internal routines that were processing a cert and looking for the BasicConstraints extention to determine if the cert was a CA cert, which is not actually a user visible error, rather it's library internal logic. Hence it's a completely bogus error code. Expected results: PR_GetError() should have returned SEC_ERROR_BUSY after NSS_Shutdown() returned SECFailure.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → S3
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.