Closed
Bug 103219
Opened 23 years ago
Closed 19 years ago
OCSP responder failure to send data after a connect hangs client.
Categories
(Core Graveyard :: Security: UI, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.4final
People
(Reporter: ssaux, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
If the OCSP responder allows connections but then never write anything on the
socket, then the browser will hang as NSS uses blocking sockets for OCSP, and
doesn't set a timeout for PR_Read().
The solution to this is probably not in PSM, so this is a tracking bug.
This is hard to replicate.
Reporter | ||
Updated•23 years ago
|
Priority: -- → P2
Target Milestone: --- → Future
Assignee | ||
Comment 1•23 years ago
|
||
Here is the stack trace.
It seems, blocking I/O, no timeout is used.
#0 0x406a5894 in __poll (fds=0xbfffeb18, nfds=1, timeout=5000) at
../sysdeps/unix/sysv/linux/poll.c:63
#1 0x402e467c in pt_poll_now (op=0xbfffeb94) at
../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:568
#2 0x402e4a48 in pt_Continue (op=0xbfffeb94) at
../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:682
#3 0x402e6851 in pt_Recv (fd=0x8a23b88, buf=0x424cf0f0, amount=8192, flags=0,
timeout=4294967295) at ../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:1724
#4 0x402e68ba in pt_SocketRead (fd=0x8a23b88, buf=0x424cf0f0, amount=8192) at
../../../../../mozilla/nsprpub/pr/src/pthreads/ptio.c:1735
#5 0x402c494c in PR_Read (fd=0x8a23b88, buf=0x424cf0f0, amount=8192) at
../../../../../mozilla/nsprpub/pr/src/io/priometh.c:136
#6 0x416eb38e in ocsp_MinMaxRead (fd=0x8a23b88, buf=0x424cf0f0 "", minimum=128,
maximum=8192) at ocsp.c:1776
#7 0x416eb466 in ocsp_GetEncodedResponse (arena=0x0, sock=0x8a23b88) at ocsp.c:1839
#8 0x416ebc43 in CERT_GetEncodedOCSPResponse (arena=0x0, certList=0x4245e1c8,
location=0x42437728 "http://nsocsp.netscape.com", time=1002232310565881,
addServiceLocator=0, signerCert=0x0, pwArg=0x0, pRequest=0xbfffed78) at ocsp.c:2271
#9 0x416ecf99 in CERT_CheckOCSPStatus (handle=0x81ce3f8, cert=0x424a7a58,
time=1002232310565881, pwArg=0x0) at ocsp.c:3365
#10 0x416f129b in CERT_VerifyCert (handle=0x81ce3f8, cert=0x424a7a58,
checkSig=1, certUsage=certUsageEmailSigner, t=1002232310565881, wincx=0x0,
log=0x0) at certvfy.c:1119
#11 0x416f132c in CERT_VerifyCertNow (handle=0x81ce3f8, cert=0x424a7a58,
checkSig=1, certUsage=certUsageEmailSigner, wincx=0x0) at certvfy.c:1144
#12 0x41681182 in nsNSSCertificate::GetUsageArray (this=0x4242ae40,
suffix=0x417a8b3f "_p", _verified=0xbf7fea28, _count=0xbffff20c,
tmpUsages=0xbffff214) at
../../../../../mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1244
#13 0x41684d8d in nsNSSCertificate::GetPurposes (this=0x4242ae40,
_verified=0xbf7fea28, _purposes=0xbf7feb64) at
../../../../../mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1855
Updated•21 years ago
|
Assignee: ssaux → kaie
QA Contact: junruh → bmartin
Target Milestone: Future → ---
Comment 2•19 years ago
|
||
We changed the PR_Read call to a PR_Recv call with
a timeout in rev. 1.7 of lib/certhigh/ocsp.c, for
NSS bug 141256. The fix (in NSS 3.5+) first appeared
in Netscape 7, which I remember is based on Mozilla
1.4.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.4final
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•