816488 - bogus error code from NSS_Shutdown

Status: NEW

(NSS :: Libraries, defect, P3)

Description

[John Dennis]

User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0
Build ID: 20121119145849

Steps to reproduce:

There is a bug in the error handling logic in nss_Shutdown() which causes a bogus error code to be returned due to the following sequence of steps in nss_Shutdown():

...
status = STAN_Shutdown();
...
nss_DestroyErrorStack();
nssArena_Shutdown();
if (status == PR_FAILURE) {
    if (NSS_GetError() == NSS_ERROR_BUSY) {
        PORT_SetError(SEC_ERROR_BUSY);
    }
    shutdownRV = SECFailure;
}

Note that NSS_GetError() is called *after* nss_DestroyErrorStack()!

When NSS_GetError() is called error_get_my_stack() is invoked but because the thread local stack was destroyed it happily recreates a brand new error stack with no errors, as result NSS_GetError() returns 0.

This then causes a failure to set the correct error code via PORT_SetError(). NSS_Shutdown() returns SECFailure and the caller of NSS_Shutdown() then invokes PORT_GetError() which then returns a completely bogus error code from the dim past (because errors are never cleared).



Actual results:

PR_GetError() returned -8157 after NSS_Shutdown() returned SECFailure.  Error code -8157 is SEC_ERROR_EXTENSION_NOT_FOUND and was set by internal routines that were processing a cert and looking for the BasicConstraints extention to determine if the cert was a CA cert, which is not actually a user visible error, rather it's library internal logic. Hence it's a completely bogus error code.


Expected results:

PR_GetError() should have returned SEC_ERROR_BUSY after NSS_Shutdown() returned SECFailure.