On Thu, 24 Mar 2011 00:16:17 +0100
roberth <rob...@openbsd.pap.st> wrote:

> On Wed, 23 Mar 2011 21:35:51 +0000
> Mikolaj Kucharski <miko...@kucharski.name> wrote:
> 
> > Hi,
> > 
> > Sorry, I cannot test this right now on OpenBSD but can anyone of you
> > open following url: https://the.bucket.cc/ without a crash on
> > Firefox 4 or 3.6.16 on OpenBSD?
> > 
> 
> love these "hey, click my exploit!" ... ;)
> 
> # openssl s_client -showcerts -connect the.bucket.cc:443
> 
> empty subject/issuer.
> 
> bugzilla 644012

https://bugzilla.mozilla.org/show_bug.cgi?id=644012

and for those worried sick about this running firefox 3.3.16,
and can't wait for an upstream release...

--- 
www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp.orig
  Thu Mar 24 01:24:11 2011
+++ 
www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp   
    Thu Mar 24 01:23:07 2011
@@ -0,0 +1,24 @@
+$OpenBSD$
+--- security/manager/ssl/src/nsNSSCallbacks.cpp.orig   Thu Mar 24 01:18:45 2011
++++ security/manager/ssl/src/nsNSSCallbacks.cpp        Thu Mar 24 01:20:00 2011
+@@ -1007,8 +1007,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The 
USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
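
Review bot: the string literal under the new `serverCert->issuerName &&` guard has been wrapped by the mailer, so this patch file will not apply as posted. The line ending in `O=The` continues on the next line without a leading `+`. Resend it as an attachment or with line wrapping disabled. The guard itself sits correctly ahead of the `strcmp`, so a certificate with no issuer name no longer reaches it with a NULL pointer.
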
+@@ -1051,8 +1054,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application 
can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already 
know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
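
Review bot: removing the late `CERTCertificateCleaner serverCertCleaner(serverCert);` here only works together with the declaration added right after `SSL_PeerCertificate(fd)` in the first inner hunk, and that move is a separate change from the NULL issuer check. With the cleaner constructed at line 1007, any return between there and line 1054 now also releases the certificate, which deserves a sentence in the patch description. The two comment lines at the top of this hunk are mail-wrapped as well and need the same resend.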
