Closed Bug 198099 Opened 22 years ago Closed 22 years ago

certutil crashes when listing DSA certificate

Categories

(NSS :: Tools, defect, P1)

Product:
NSS
Component:
Tools
Version:
3.7.2
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jamie-bugzilla, Assigned: nelson)

References

Details

(Whiteboard: [3.7.5])

Attachments

(1 file, 1 obsolete file)

Add ability to format and print DSA certs, too.
2.78 KB, patch
jamie-bugzilla
: review+
Details | Diff | Splinter Review
I created a DSA certificate with the following certutil command: certutil -d . -S -s "cn=NAme,o=Netscape" -x -m 1 -v 60 -k dsa -g 512 -n TestCert -t "Tu,Tu,Tu" Then I try to list it and I get: > certutil -d . -L -n TestCert Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest Issuer: CN=NAme, O=Netscape Validity: Not Before: Tue Mar 18 22:36:36 2003 Not After: Wed Jun 18 22:36:36 2008 Subject: CN=NAme, O=Netscape Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:81:9c:02:41:00:8d:f2:a4:94:49:22:76:aa:3d: 25:75:9b:b0:68:69:cb:ea:c0:d8:3a:fb:8d:0c:f7: cb:b8:32:4f:0d:78:82:e5:d0:76:2f:c5:b7:21:0e: af:c2:e9:ad:ac:32:ab:7a:ac:49:69:3d:fb:f8:37: 24:c2:ec:07:36:ee:31:c8:02:91:02:15:00:c7:73: 21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:f4:8e:da: ce:91:5f:02:40:62:6d:02:78:39:ea:0a:13:41:31: 63:a5:5b:4c:b5:00:29:9d:55:22:95:6c:ef:cb:3b: ff:10:f3:99:ce:2c:2e:71:cb:9d:e5:fa:24:ba:bf: 58:e5:b7:95:21:92:5c:9c:c4:2e:9f:6f:46:4b:08: 8c:c5:72:af:53:e6:d7:88:02 DSA Public Key: Segmentation fault (core dumped) Stack Trace: =>[1] DER_GetInteger(it = 0xa018c), line 216 in "dersubr.c" [2] SECU_PrintInteger(out = 0xfef4028c, i = 0xa018c, m = 0x57914 "Prime", level = 4), line 804 in "secutil.c" [3] secu_PrintDSAPublicKey(out = 0xfef4028c, pk = 0xa0178, m = 0x57964 "DSA Public Key", level = 3), line 1203 in "secutil.c" [4] secu_PrintSubjectPublicKeyInfo(out = 0xfef4028c, arena = 0x9c298, i = 0x9b2a4, msg = 0x57acc "Subject Public Key Info", level = 2), line 1239 in "secutil.c" [5] SECU_PrintCertificate(out = 0xfef4028c, der = 0x9d3a8, m = 0x57d68 "Data", level = 1), line 1730 in "secutil.c" [6] SECU_PrintSignedData(out = 0xfef4028c, der = 0xffbef8dc, m = 0x56e0c "Certificate", level = 0, inner = 0x29308 = &SECU_PrintCertificate(FILE *out, struct SECItemStr *der, char *m, int level)), line 2371 in "secutil.c" [7] printCertCB(cert = 0x94a68, arg = 0x94ee8), line 521 in "certutil.c" [8] listCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw = 0, ascii = 0, outfile = 0x64378, pwarg = 0xffbefaec), line 599 in "certutil.c" [9] ListCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw = 0, ascii = 0, outfile = 0x64378, pwdata = 0xffbefaec), line 643 in "certutil.c" [10] main(argc = 6, argv = 0xffbefba4), line 2567 in "certutil.c" It looks like the PQG parameters in the public key are all empty SECItems, and we dereference a NULL pointer when we try to print them out.
This was actually with NSS 3.7.2 RTM.
Assigned the bug to Nelson. Do you have a patch, Jamie?
Assignee: wtc → nelsonb
Priority: -- → P2
Target Milestone: --- → 3.8
Version: 3.7.1 → 3.7.2
This patch solves the immediate problem, the crash attempting to print an integer at a null address. It also improves the printing of hex "strings" to geneally print no more than 16 pairs of "nybbles" per line, and not wrap lines prematurely. The bigger issue is that apparently certutil has never properly parsed and printed the PQG parameters in DSA certificates. This patch does not attempt to fix that. I'll work on another patch to address that.
Attachment #118127 - Flags: review?(jpierre)
This patch adds the ability to correctly extract DSA public keys, so that they can be correctly displayed.
Attachment #118127 - Attachment is obsolete: true
Comment on attachment 118363 [details] [diff] [review] Add ability to format and print DSA certs, too. please review.
Attachment #118363 - Flags: review?(nicolson)
Comment on attachment 118363 [details] [diff] [review] Add ability to format and print DSA certs, too. Looks good.
Attachment #118363 - Flags: review?(nicolson) → review+
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v <-- secutil.c new revision: 1.44; previous revision: 1.43 Fix checked in. Changed bug to show this affects all platforms.
Status: NEW → RESOLVED
Closed: 22 years ago
OS: Solaris → All
Priority: P2 → P1
Hardware: Sun → All
Resolution: --- → FIXED
Backported the fix to the NSS_3_7_BRANCH for 3.7.5.
Whiteboard: [3.7.5]
*** Bug 211039 has been marked as a duplicate of this bug. ***
Attachment #118127 - Flags: review?(jpierre)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: