[tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 24 20:33:46 UTC 2015 

#13670: ensure OCSP & favicons respect URL bar domain isolation
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  arthuredelstein        |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-4.5-alpha,
  Browser                |  TorBrowserTeam201503R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 There is supposed to be something wrong with our debug symbols (#13917)
 but I think the following might be helpful, though:
 {{{
 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7fffdaafe700 (LWP 3114)]
 0x00007ffff3287941 in mozilla::psm::CertIDHash(unsigned char (&) [48],
 CERTCertificateStr const*, CERTCertificateStr const*, char const*) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/OCSPCache.cpp:79
 79      /home/ubuntu/build/tor-
 browser/security/certverifier/OCSPCache.cpp: No such file or directory.
 (gdb) bt
 #0  0x00007ffff3287941 in mozilla::psm::CertIDHash(unsigned char (&) [48],
 CERTCertificateStr const*, CERTCertificateStr const*, char const*) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/OCSPCache.cpp:79
 #1  0x00007ffff3287d4c in mozilla::psm::OCSPCache::Put(CERTCertificateStr
 const*, CERTCertificateStr const*, char const*, int, long, long) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/OCSPCache.cpp:102
 #2  0x00007ffff3287123 in
 mozilla::psm::NSSCertDBTrustDomain::VerifyAndMaybeCacheEncodedOCSPResponse(CERTCertificateStr
 const*, CERTCertificateStr*, long, unsigned short, SECItemStr const*,
 mozilla::psm::NSSCertDBTrustDomain::EncodedResponseSource, bool&) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/NSSCertDBTrustDomain.cpp:471
 #3  0x00007ffff328747a in
 mozilla::psm::NSSCertDBTrustDomain::CheckRevocation(mozilla::pkix::EndEntityOrCA,
 CERTCertificateStr const*, CERTCertificateStr*, long, SECItemStr const*)
 ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/NSSCertDBTrustDomain.cpp:411
 #4  0x00007ffff328891d in
 mozilla::pkix::BuildForward(mozilla::pkix::TrustDomain&,
 mozilla::pkix::BackCert&, long, mozilla::pkix::EndEntityOrCA,
 mozilla::pkix::KeyUsage, SECOidTag, SECOidTag, SECItemStr const*, unsigned
 int, mozilla::pkix::ScopedPtr<CERTCertListStr, &CERT_DestroyCertList>&) ()
     at /home/ubuntu/build/tor-browser/security/pkix/lib/pkixbuild.cpp:292
 #5  0x00007ffff3288aaf in
 mozilla::pkix::BuildCertChain(mozilla::pkix::TrustDoma
 in&, CERTCertificateStr*, long, mozilla::pkix::EndEntityOrCA,
 mozilla::pkix::KeyUsage, SECOidTag, SECOidTag, SECItemStr const*,
 mozilla::pkix::ScopedPtr<CERTCertListStr, &CERT_DestroyCertList>&) ()
     at /home/ubuntu/build/tor-browser/security/pkix/lib/pkixbuild.cpp:367
 #6  0x00007ffff3285770 in
 mozilla::psm::BuildCertChainForOneKeyUsage(mozilla::pkix::TrustDomain&,
 CERTCertificateStr*, long, mozilla::pkix::KeyUsage,
 mozilla::pkix::KeyUsage, mozilla::pkix::KeyUsage, SECOidTag, SECOidTag,
 SECItemStr const*, mozilla::pkix::ScopedPtr<CERTCertListStr,
 &CERT_DestroyCertList>&) [clone .constprop.2] ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/CertVerifier.cpp:348
 #7  0x00007ffff3285cbc in
 mozilla::psm::CertVerifier::MozillaPKIXVerifyCert(CERTCertificateStr*,
 long, long, void*, char const*, unsigned int,
 mozilla::psm::ChainValidationCallbackState*, SECItemStr const*,
 mozilla::pkix::ScopedPtr<CERTCertListStr, &CERT_DestroyCertList>*,
 SECOidTag*) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/CertVerifier.cpp:479
 #8  0x00007ffff3286095 in
 mozilla::psm::CertVerifier::VerifyCert(CERTCertificateStr*, long, long,
 void*, char const*, char const*, unsigned int, SECItemStr const*,
 mozilla::pkix::ScopedPtr<CERTCertListStr, &CERT_DestroyCertList>*,
 SECOidTag*, CERTVerifyLogStr*) ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/CertVerifier.cpp:620
 #9  0x00007ffff32869f7 in
 mozilla::psm::CertVerifier::VerifySSLServerCert(CERTCertificateStr*,
 SECItemStr const*, long, void*, char const*, char const*, bool,
 mozilla::pkix::ScopedPtr<CERTCertListStr, &CERT_DestroyCertList>*,
 SECOidTag*)
     ()
     at /home/ubuntu/build/tor-
 browser/security/certverifier/CertVerifier.cpp:1000
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list