Closed Bug 84057 Opened 23 years ago Closed 23 years ago

Crash visiting SSL site which has a UCS4 string in signer DN

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: teilo+bugzilla, Assigned: javi)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(1 file)

Patch to fix crash
1.62 KB, patch
Details | Diff | Splinter Review 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9+) Gecko/20010603
BuildID:    2001060308

When I view a page that is encrypted with a self-signed openSSL gernerated
certificate mozilla crashes in PIPNSS after you accept the certificate.


Reproducible: Always
Steps to Reproduce:
1. Go to https://mailhost.teilo.net/
2. Accept the certificate permenantly
3. Crash

Actual Results:  Mozilla crashes in PIPNSS.DLL

Expected Results:  Mozilla shows the page without crashing

Note that if you re-start mozilla you can view the certificates contents in the
preferences->security certs without mozilla crashing.
Also happens in Secure IMAP in mail&news 
also https://www.sm.luth.se/
TalkBack IDs from 2001052504_0.9.1 (Downloaded 2001-06-04-11-0.9.1) 
(The nightly trunk did not have talkback enabled.)
TB31313855M
TB31312209Q
Over to PSM
Status: UNCONFIRMED → NEW
Component: Security: Crypto → Client Library
Ever confirmed: true
Keywords: crash
Product: Browser → PSM
Version: other → 2.0

*** This bug has been marked as a duplicate of 79414 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Bug 79414 is about v1 certificates.  mailhost.teilo.net uses a version 3 
certificate.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
This appears to be a problem with NSS's implementation of CERT_AsciiToName

It fails converting the string "signer"

(gdb) print signer
$1 = 0x42412ec8 "E=adm@teilo.net, CN=mailhost.teilo.net, OU=Internet mail,
O=teilo.net, L=Luleå, ST=Norrbotten, C=SE"

into a valid CERTName structure.  The UCS4 conversion function provided by NSS
doesn't like the encoding of the L=Luleå field.
Update summary
Summary: Crash on viewing SSL encrypted pages with self-signed cerificates → Crash visiting SSL site which has a UCS4 string in signer DN

    
    

    
  
ddrinan: please review the patch.
Assignee: ddrinan → javi
Status: REOPENED → NEW

    
    

    
  
Javi, These seems like a good patch for the beta, but we really should find out
what the NSS conversion routines do not like about the UCS4 encoding. Also, is
PSM using the default UCS encode/decode functions are is it using mozilla
supplied functions?

bob

    
    

    
  
r=ddrinan.

    
    

    
  
Bob,

After looking further into the problem, I think we were calling NSS incorrectly.
The string "signer" is a return value from SSL_SecurityStatus which correctly
interprets the CERTName structure and converts it to a UTF8 string.  If you take
that UTF8 string and then pass it to CERT_AsciiToName, CERT_ParseRFC1485AVA
thinks the character in question 'å' is a UCS4 string.  Since signer is really a
UTF8 string, decoding the character fails.

In essence, CERT_AsciiToName doesn't handle UTF8 strings.  Which may be the
desired effect of the function (as implied by the name).  I can file a separate
NSS bug to track that if you want.



    
    

    
  
sr=blizzard

    
    

    
  
a= asa@mozilla.org for checkin to the trunk.
(on behalf of drivers)
Blocks: 83989

    
    

    
  
Fix has been checked in.
Status: NEW → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 76035 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 79414 has been marked as a duplicate of this bug. ***

    
    

    
  
Verified fixed.
Status: RESOLVED → VERIFIED

    
  
Product: PSM → Core

    
  
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: