Memory corruption with firefox about opensc HOT 5 CLOSED

On 4/19/2014 9:13 AM, lucag73 wrote:

I have found that the opensc-pkcs11 plugin induces memory corruption in firefox 28 on a Feora 20 system.
This happens both with the distribution package AND with a recompiled version of the latest git checkout.

Authentication with the smartcard is succesful and the browser prompts correctly for the certificate therein stored; however, as soon as the certificate is shown it seems that the memory gets
corrupted and I get either

a) a segmentation fault on part of the browser
b) first the error message
Received incorrect handshakes hash values from peer. (Error code: ssl_error_bad_handshake_hash_value)
followed by
security library: memory allocation failure. (Error code: sec_error_no_memory)

Some additional debugging output would be helpful:

(1) OpenSC trace using the opensc.conf debug = 9; or the OPENSC_DEBUG=9 env variable.

(2) Use the OpenSC pkcs11-spy.so as the Firefox security device.

   Note:For both of the above see:

   https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC

(3) Mozilla NSS debugging:

   https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables

   (But this might require a debugging build of Firefox.)

(4) Run Firefox under gdb, to catch the seg fault, and find the certificate.

The most useful and easiest to start with would be (1) and (2).

The problem could be in OpenSC, Firefox or in the OpenSc card specific code for you card.

The reference for the bug on fedora bugzilla is
https://bugzilla.redhat.com/show_bug.cgi?id=1089476

—
Reply to this email directly or view it on GitHub #232.

Douglas E. Engert [email protected]

from opensc.

I attempted (1) and (2); I am no expert on the format of the traces, but I have not seen anything which appears to be obviously wrong with them (the certificates are actually read from the smart card and used "appropriately" and I can also recognize the relevant data) however the browser is left unable to perform ssl negotiation afterwards.
I could post an extract, if needs be.

I also suppose the problem might be with firefox (I shall have to try running it under gdb or possibly a strong malloc() checker), even if an attempt with its pre-beta version (aurora) gave exactly the same behaviour (i.e. authentication successful and connection broken).

from opensc.

The module works with google chrome (stable: 34.0.1847.116) and I do not see the corruption I outlined before; this leaves either firefox or some extra library being used by firefox as culprits.
[I suspect it might be firefox NSS interface to blame]

from opensc.

Is the problem still present? The report on bugzilla is "CLOSED UPSTREAM" (whatever that means).

from opensc.

I guess so, reopen if not

from opensc.