1037606 – nss hangs after receiving close_notify alert from vsftpd on FTPS data connection

Bug 1037606 - nss hangs after receiving close_notify alert from vsftpd on FTPS data connection

Summary: nss hangs after receiving close_notify alert from vsftpd on FTPS data connection

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	918156
Blocks:	895339
TreeView+	depends on / blocked

Reported:	2013-12-03 13:18 UTC by Filip Krska
Modified:	2014-02-04 15:34 UTC (History)
CC List:	7 users (show)
Fixed In Version:	nss-3.15.4-1.fc19
Doc Type:	Bug Fix
Doc Text:
Clone Of:	918156
Environment:
Last Closed:	2014-02-03 13:33:41 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Comment 1 Filip Krska 2014-01-21 12:46:51 UTC

Seems that with

nss-3.15.4-1.fc20.x86_64

the issue doesn't manifest any more contrary to nss-3.15.2-3.fc20.x86_64 which reproduces the issue.

Tested with curl-7.32.0-3.fc20.x86_64 on client side and vsftpd-2.2.2-11.el6_4.1.x86_64 on server side.

I haven't managed to identify the patch which causes the change in behaviour (hopefully the final fix).

Could you, please, check it and decide whether it can be backported to RHEL 6 (https://bugzilla.redhat.com/show_bug.cgi?id=918156)?

Comment 2 Kai Engert (:kaie) (inactive account) 2014-02-03 13:10:11 UTC

Filip, it's good news that you can no longer reproduce this bug using NSS 3.15.4

It could mean that one of the recent bugfixes to upstream NSS had this positive side effect.

Questions about RHEL should be discussed in a RHEL bug.

Comment 3 Kai Engert (:kaie) (inactive account) 2014-02-03 13:10:46 UTC

clearing needinfo

Comment 4 Kai Engert (:kaie) (inactive account) 2014-02-03 13:11:29 UTC

Filip, because you have reported this bug can no longer be reproduced in Fedora, I'm closing this as worksforme.

Comment 5 Hubert Kario 2014-02-03 13:17:20 UTC

Still getting -12205 (SSL_ERROR_TOKEN_INSERTION_REMOVAL) when running on Fedora 19.

curl-7.29.0-12.fc19.x86_64
nss-3.15.3.1-1.fc19.x86_64
nss-3.15.3.1-1.fc19.i686
vsftpd-3.0.2-5.fc19.x86_64

Comment 6 Kai Engert (:kaie) (inactive account) 2014-02-03 13:33:41 UTC

(In reply to Hubert Kario from comment #5)
> Still getting -12205 (SSL_ERROR_TOKEN_INSERTION_REMOVAL) when running on
> Fedora 19.

Hubert, I believe these are two different issues related FTPS.

This one is about software being stuck, but only after the connection has completed correctly, and which has been reported as fixed with NSS 3.15.4

The one you are referring to with SSL_ERROR_TOKEN_INSERTION_REMOVAL, I believe, is a problem with broken functionality.

Comment 7 Kamil Dudka 2014-02-03 14:09:57 UTC

Still reproducible on up2date Fedora 19:

$ rpm -q libcurl nss vsftpd
libcurl-7.29.0-12.fc19.i686
nss-3.15.3.1-1.fc19.i686
vsftpd-3.0.2-5.fc19.i686


No longer reproducible on Fedora 20:

$ rpm -q libcurl nss vsftpd
libcurl-7.32.0-4.fc20.x86_64
nss-3.15.4-1.fc20.x86_64
vsftpd-3.0.2-6.fc20.x86_64

Comment 8 Kamil Dudka 2014-02-04 15:34:42 UTC

I tried the latest updates on Fedora 19.  curl hangs with:

nss-3.14.3-13.0.fc19.i686
nss-tools-3.14.3-13.0.fc19.i686
nss-sysinit-3.14.3-13.0.fc19.i686


... but it does not hang with:

nss-3.15.4-1.fc19.i686
nss-tools-3.15.4-1.fc19.i686
nss-sysinit-3.15.4-1.fc19.i686

Note You need to log in before you can comment on or make changes to this bug.