This does crash FF4, which I got from Landry's website.
Thanks

On Wed, Mar 23, 2011 at 6:45 PM, roberth <rob...@openbsd.pap.st> wrote:
> On Thu, 24 Mar 2011 00:16:17 +0100
> roberth <rob...@openbsd.pap.st> wrote:
>
>> On Wed, 23 Mar 2011 21:35:51 +0000
>> Mikolaj Kucharski <miko...@kucharski.name> wrote:
>>
>> > Hi,
>> >
>> > Sorry, I cannot test this right now on OpenBSD but can any of you
>> > open the following URL: https://the.bucket.cc/ without a crash on
>> > Firefox 4 or 3.6.16 on OpenBSD?
>> >
>>
>> love these "hey, click my exploit!" ... ;)
>>
>> # openssl s_client -showcerts -connect the.bucket.cc:443
>>
>> empty subject/issuer.
>>
>> bugzilla 644012
>>
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=644012
>
> if you care:
> backport from upstream for firefox 4.0 that isn't even imported yet.
> yes, this is an ugly way to show the patch. :)
>
> # cat /usr/ports/mystuff/www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
> $OpenBSD$
> --- security/manager/ssl/src/nsNSSCallbacks.cpp.orig    Thu Mar 24 00:28:40 
> 2011
> +++ security/manager/ssl/src/nsNSSCallbacks.cpp Thu Mar 24 00:31:26 2011
> @@ -1012,8 +1012,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
>   nsNSSShutDownPreventionLock locker;
>
>   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
> +  CERTCertificateCleaner serverCertCleaner(serverCert);
> +
>   if (serverCert &&
>       serverCert->serialNumber.data &&
> +      serverCert->issuerName &&
>       !strcmp(serverCert->issuerName,
>         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The 
> USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
>
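Review bot: the added `serverCert->issuerName &&` guard in front of the `strcmp` carries no comment explaining when issuerName can be NULL, so it reads as redundant and is easy to drop in a later cleanup. A one-line comment naming the empty subject/issuer certificate case from bugzilla 644012 would document why it is there. The body of this `if` is not visible in the hunk; if it reads other name strings from serverCert, they need the same NULL check before being passed to string functions.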
> @@ -1056,8 +1059,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
>   // We want to remember the CA certs in the temp db, so that the application 
> can find the
>   // complete chain at any time it might need it.
>   // But we keep only those CA certs in the temp db, that we didn't already 
> know.
> -
> -  CERTCertificateCleaner serverCertCleaner(serverCert);
>
>   if (serverCert) {
>     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
>
>
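Review bot: removing `CERTCertificateCleaner serverCertCleaner(serverCert);` here, with the declaration now sitting directly after `SSL_PeerCertificate(fd)`, widens the cleaner's scope to every statement between the two hunks, and those lines are not shown in the patch. Any return in that range now releases serverCert automatically, which looks like the intent, but it is worth confirming that nothing in that range already releases serverCert by hand, since that would drop the reference twice. The `if (serverCert)` check that follows still covers the NULL case for the cleaner's argument only if the cleaner itself tolerates a NULL pointer at construction; a short comment at the new declaration stating that would help.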
