Closed Bug 863271 Opened 12 years ago Closed 7 years ago

crash in PK11Slot_GetNSSToken

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mkaply, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-107ace56-1044-4dd9-b4de-13c5a2130418 . ============================================================= Doing this code in an observer at shutdown for a non existent cert crashes: var observer = { observe: function observe(subject, topic, data) { switch (topic) { case "profile-before-change": try { var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); var cert = certDB.findCertByNickname(null, "NAME OF YOUR CERTIFICATE"); certDB.deleteCertificate(cert); } catch (ex) {} break; } } } Services.obs.addObserver(observer, "profile-before-change", false);
Severity: normal → critical
OS: Windows NT → Windows 7
Is PSM/NSS already shut down at this point? If so, that's not gonna work.
Assignee: nobody → nobody
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → trunk
(In reply to Justin Dolske [:Dolske] from comment #1) > Is PSM/NSS already shut down at this point? If so, that's not gonna work. Justin is right. That code is not guaranteed to work because NSS gets shut down during profile-before-change. However, it shouldn't crash. Instead, findCertByNickname should throw an exception.
Why isn't NSS using xpcom-shutdown? We should probably update the docs here: https://developer.mozilla.org/en-US/docs/Observer_Notifications To say exactly when NSS stops being available.
(In reply to Michael Kaply (mkaply) from comment #3) > Why isn't NSS using xpcom-shutdown? NSS is an external library that doesn't have access to any of Mozilla's XP* architecture magic. All required integration logic must be implemented at the application layer in the PSM module.
(In reply to Michael Kaply (mkaply) from comment #3) > Why isn't NSS using xpcom-shutdown? NSS Shutdown does disk I/O in the profile directory. The last place you can do disk I/O is in profile-before-change, which is where PSM does the shit down. > We should probably update the docs here: > > https://developer.mozilla.org/en-US/docs/Observer_Notifications > > To say exactly when NSS stops being available. PSM (for better or worse) doesn't use observer notifications to notify when NSS is not available. Instead, it uses the nsNSSShutdownObject protocol (documented in nsNSSShutdown.h) to automatically shut down any users of NSS. If you are accessing NSS through the scriptable interfaces exposed by PSM then those interfaces are supposed to start failing (gracefully through returning NS_ERROR_*) after NSS shutdown. In this case, the bug is that findCertByNickname is not checking whether NSS has already been shut down.
Any thoughts as to the best place to remove a cert a shutdown? The goal here is in a policy controlled environment to add a cert at startup and remove it at shutdown. Choices are: quit-application-granted quit-application profile-change-net-teardown profile-change-teardown
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.