[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..

2015-05-18 Thread Daniel Kahn Gillmor
Control: reassign 782772 iceweasel
Control: found 782772 37.0.2-1 38.0-2
Control: tags 782772 + upstream
Control: forwarded 782772 https://bugzilla.mozilla.org/show_bug.cgi?id=1165911

On Mon 2015-05-18 10:07:48 -0400, Daniel Kahn Gillmor wrote:
 After upgrading to 38.0-2, with iceweasel-dbg, i get the following
 backtrace during the segfault:

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7fffd94fe700 (LWP 10459)]
 0x7403bb87 in GatherEKUTelemetry (certList=...)
 at 
 /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047

http://sources.debian.net/src/iceweasel/38.0-2/security/manager/ssl/src/SSLServerCertVerification.cpp/?hl=1024#L1047

Digging a little bit further, it looks like a bug when iceweasel's
telemetry code tries to deal with an X.509v3 certificate which has no
extensions.

I've reported the problem uptsream at
https://bugzilla.mozilla.org/show_bug.cgi?id=1165911

In the meantime, i note that the end-entity certificate offered by
mentors.debian.net is provided twice in the TLS handshake (which is not
advisable), and it has no X.509v3 extensions.

The Debian CA (cc'ing debina-ad...@debian.org here), which issued the
mentors.debian.net certificate, should probably re-issue the certificate
with some v3 extensions in it, at least:

 * basicConstraints (CA:False)
 * keyUsage (digitalSignature at least, keyEncipherment if you want to
   support RSA key exchange on mentors.debian.net)
 * extendedKeyUsage (TLS www server)
 * subjectAltName (mentors.debian.net)

These are good ideas for certificate issuance anyway, and they would
also fix the iceweasel segfault.

please let me know if i can help diagnose or repair this further.

Regards,

--dkg

Processed 156 CA certificate(s).
Resolving 'mentors.debian.net'...
Connecting to '185.22.221.46:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=mentors.debian.net', issuer 
`O=Debian,CN=ca.debian.org,EMAIL=debian-ad...@debian.org', RSA key 2048 bits, 
signed using RSA-SHA1, activated `2014-04-09 14:59:15 UTC', expires `2016-04-28 
14:59:15 UTC', SHA-1 fingerprint `82906f583787e47bf78594160895becae554ee89'
Public Key ID:
cce07f1ed3b6cc884d372d5a1062c8915f342f03
Public key's random art:
+--[ RSA 2048]+
|  ..E.o  |
| ..o ..o |
|  +.o.+ .|
| . =.. + |
|  . S .  |
|   .   o .   |
|. = B .  |
| * @ +   |
|. = +|
+-+


-BEGIN CERTIFICATE-
MIID5zCCAc+gAwIBAgIBcjANBgkqhkiG9w0BAQUFADBRMQ8wDQYDVQQKEwZEZWJp
YW4xFjAUBgNVBAMTDWNhLmRlYmlhbi5vcmcxJjAkBgkqhkiG9w0BCQEWF2RlYmlh
bi1hZG1pbkBkZWJpYW4ub3JnMB4XDTE0MDQwOTE0NTkxNVoXDTE2MDQyODE0NTkx
NVowHTEbMBkGA1UEAxMSbWVudG9ycy5kZWJpYW4ubmV0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA0KDLpr1TgPJOfINyuzz9Gl9Goad/y3WmzfkGsrwA
6yVdPsQgXCZifESHLvAQH4FsE+EA1HH8Xn7Lj0X5o5ovrm8Z1myFo07TZ6Ib66Fy
ErZFQSZHSpZyeq4OqOLDFx3yp7kZrJgpB6uc+YFq3+6rnqGUuuujGWcYak9KV0oJ
R9yPG4ezS/b7eOXeoGwvBiaMzTlqQsm2vJBMjn3CnjB2nVK694BxdpoStU6rybtK
v8Y/m2p3HA/LVGbUE1kzarr8m4QmpyzympzH37y5nQuwUBW5PG8r2+mBSmaOqN5m
yEiuTVqCWb0me1oddqPKIJm9p3QKJby+vg6AVTmfp8SX/wIDAQABMA0GCSqGSIb3
DQEBBQUAA4ICAQAalklKXmri2Kay0m4ps2QXZbDb1fY6mxFKMHAm98CNMla2jd5V
+xYCCU2szsQSltpXZPN+PbRTI/pI7KVNOw6aopgcUIj5qYt5p9haJBmVl4aYdiNW
NTlK/lcOCsHNrrU0QTqIJ7cR/sh0FY1joGr6jCmDt1lRbRVliZw8kTe4mLezHuQz
vt5faNoiURxtAu7LagI8P+llOrNu5X3+Ww6cXwS8konZnGLslbBlcHYSo5b7MNN9
e75E1lXMITnO9ChUIA79shA1xcF8GcFdfEJUS1z5hnWWs21Rw5Y8c6NZXpth2sHT
w0qXZXP4arCMAft8O0f2YxKvUGPBX0Gbbv66RXTPw6ztCiQFKol8o3Cv61plm15j
jsfq5465ab62vOYctn8iwSUyU+LML2QuG0hnUBppOwxXwxqOtwYbO026tmsii3Ia
UbpvxAs7n0saKzkG8zY94E6J4hqG/5JQoaeWSaQTRwfs5jShvg7BpkDotyCz94vm
iuKYNJ1HghWv8LW7UUwxR6PZA7cRUclLNpJO3tX5ZxA7UtCUjuwvBuXDNr91Itq7
7JWQDrAKtMBZeC67mvZvhYOWw9Z9FlMUZ6OXu6GrEU4CVCqGj84SfolarOgrVeji
std2VPFc4HXU/YDIp7gCCM0WL1DaOF9Ba58B08mmgN7H2Qa4IvvCBKl8tw==
-END CERTIFICATE-

- Certificate[1] info:
 - subject `CN=mentors.debian.net', issuer 
`O=Debian,CN=ca.debian.org,EMAIL=debian-ad...@debian.org', RSA key 2048 bits, 
signed using RSA-SHA1, activated `2014-04-09 14:59:15 UTC', expires `2016-04-28 
14:59:15 UTC', SHA-1 fingerprint `82906f583787e47bf78594160895becae554ee89'

-BEGIN CERTIFICATE-
MIID5zCCAc+gAwIBAgIBcjANBgkqhkiG9w0BAQUFADBRMQ8wDQYDVQQKEwZEZWJp
YW4xFjAUBgNVBAMTDWNhLmRlYmlhbi5vcmcxJjAkBgkqhkiG9w0BCQEWF2RlYmlh
bi1hZG1pbkBkZWJpYW4ub3JnMB4XDTE0MDQwOTE0NTkxNVoXDTE2MDQyODE0NTkx
NVowHTEbMBkGA1UEAxMSbWVudG9ycy5kZWJpYW4ubmV0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA0KDLpr1TgPJOfINyuzz9Gl9Goad/y3WmzfkGsrwA
6yVdPsQgXCZifESHLvAQH4FsE+EA1HH8Xn7Lj0X5o5ovrm8Z1myFo07TZ6Ib66Fy
ErZFQSZHSpZyeq4OqOLDFx3yp7kZrJgpB6uc+YFq3+6rnqGUuuujGWcYak9KV0oJ

[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..

2015-05-18 Thread Daniel Kahn Gillmor
On Mon 2015-05-18 00:45:34 -0400, Norbert Preining wrote:
 On Sun, 17 May 2015, Paul Wise wrote:
  it seems there is a serious problem with iceweasel crashing on
  https sites even from Debian, like mentors.debian.org
  (interestingly *not* https://www.debian.org/)
  
  I have contacted the Debian Mentors Team, and Paul Wise
  advised me to contact both security and icewease packaging team.
  
  I have reproduced this with iceweasel --safe-mode, it crashes
  (segfaults) repeatetly when accessing any 
 https://mentors.debian.org/

I think this was supposed to be https://mentors.debian.net/, not .org.

  I guess this must be a but in Iceweasel, but follow the advise
  of Paul to contact security, too.
 
 There is now a public bug report about this:
 
 https://bugs.debian.org/782772

 Unfortunately, this seems to be different. I have HTTPS Everywhere
 disabled, and it still crashes.

 Then I removed the package from Debian and it still crashes.

 So it seems there are more things concerned. I have also disabled
 other SSL related addons, without success. Crash is 100% repeatable.

I can replicate it as well with 37.0.2-1, starting from a fresh profile
and in safe-mode:

0 dkg@alice:~$ iceweasel -no-remote -profile $(mktemp -d) -safe-mode 
https://mentors.debian.net/

(process:7717): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size 
== 0' failed
Segmentation fault
139 dkg@alice:~$ iceweasel -version

(process:7782): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size 
== 0' failed
Mozilla Iceweasel 37.0.2
0 dkg@alice:~$

After upgrading to 38.0-2, with iceweasel-dbg, i get the following
backtrace during the segfault:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd94fe700 (LWP 10459)]
0x7403bb87 in GatherEKUTelemetry (certList=...)
at 
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
1047
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:
 No such file or directory.
(gdb) bt
#0  0x7403bb87 in mozilla::psm::(anonymous 
namespace)::AuthCertificate(mozilla::psm::CertVerifier, 
mozilla::psm::TransportSecurityInfo*, CERTCertificate*, 
mozilla::ScopedCERTCertList, SECItem*, uint32_t, mozilla::pkix::Time) 
(certList=...)
at 
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
#1  0x7403bb87 in mozilla::psm::(anonymous 
namespace)::AuthCertificate(mozilla::psm::CertVerifier, 
mozilla::psm::TransportSecurityInfo*, CERTCertificate*, 
mozilla::ScopedCERTCertList, SECItem*, uint32_t, mozilla::pkix::Time) 
(certList=...)
at 
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1117
#2  0x7403bb87 in mozilla::psm::(anonymous 
namespace)::AuthCertificate(mozilla::psm::CertVerifier, 
mozilla::psm::TransportSecurityInfo*, CERTCertificate*, 
mozilla::ScopedCERTCertList, SECItem*, uint32_t, mozilla::pkix::Time) 
(certVerifier=..., infoObject=0x7fffcccfdbc0, cert=optimized out, 
peerCertChain=..., stapledOCSPResponse=0x0, providerFlags=optimized out, 
time=...)
at 
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1182
#3  0x7403be5b in mozilla::psm::(anonymous 
namespace)::SSLServerCertVerificationJob::Run() (this=0x7fffcc2e1920)
at 
/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1310
#4  0x72c1f799 in nsThreadPool::Run() (this=0x76b53e80)
at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThreadPool.cpp:225
---Type return to continue, or q return to quit---
#5  0x72c1d3a3 in nsThread::ProcessNextEvent(bool, bool*) 
(this=0x7fffcfff8ed0, aMayWait=optimized out, aResult=0x7fffd94fddf7)
at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:855
#6  0x72c32829 in NS_ProcessNextEvent(nsIThread*, bool) 
(aThread=optimized out, aMayWait=aMayWait@entry=false)
at /tmp/buildd/iceweasel-38.0/xpcom/glue/nsThreadUtils.cpp:265
#7  0x72de9f64 in 
mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) 
(this=0x7fffce44fbc0, aDelegate=0x7fffd4cb9fc0)
at /tmp/buildd/iceweasel-38.0/ipc/glue/MessagePump.cpp:339
#8  0x72dde9d7 in MessageLoop::Run() (this=0x7fffd4cb9fc0)
at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:226
#9  0x72dde9d7 in MessageLoop::Run() (this=this@entry=0x7fffd4cb9fc0)
at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:200
#10 0x72c21aa1 in nsThread::ThreadFunc(void*) (aArg=0x7fffcfff8ed0)
at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:356
#11 0x71aeefa8 in _pt_root (arg=0x7fffd1d6dca0) at ptthread.c:212
#12 0x77bc70a4 in start_thread (arg=0x7fffd94fe700)
at pthread_create.c:309
#13 0x770eb04d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) 

hth,

  --dkg


signature.asc
Description: PGP signature

[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..

2015-05-17 Thread Norbert Preining
On Sun, 17 May 2015, Paul Wise wrote:
  it seems there is a serious problem with iceweasel crashing on
  https sites even from Debian, like mentors.debian.org
  (interestingly *not* https://www.debian.org/)
  
  I have contacted the Debian Mentors Team, and Paul Wise
  advised me to contact both security and icewease packaging team.
  
  I have reproduced this with iceweasel --safe-mode, it crashes
  (segfaults) repeatetly when accessing any 
  https://mentors.debian.org/
  I guess this must be a but in Iceweasel, but follow the advise
  of Paul to contact security, too.
 
 There is now a public bug report about this:
 
 https://bugs.debian.org/782772

Unfortunately, this seems to be different. I have HTTPS Everywhere
disabled, and it still crashes.

Then I removed the package from Debian and it still crashes.

So it seems there are more things concerned. I have also disabled
other SSL related addons, without success. Crash is 100% repeatable.

Norbert


PREINING, Norbert   http://www.preining.info
JAIST, Japan TeX Live  Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0  ACF0 6CAC A448 860C DC13


___
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers