Closed Bug 1350281 Opened 3 years ago Closed 3 years ago

pk12util crashes with RC4 PBEs


(NSS :: Tools, defect)



(Reporter: ueno, Assigned: ueno)



(2 files)

Hubert discovered that pk12util crashes when exporting a bundle encrypted with PKCS#5v2 RC4 PBE:

It is also the case with the other RC4 PBEs (PKCS#12 or PKCS#5 v1):

$ gdb --args ./pk12util -o bundle.p12 -n ca -w pwfile -k pwfile -d sql:nssdb/ -C "PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4"
(gdb) r
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, outlen=0x0, 
    maxout=0, in=0x0, inlen=0) at pk11cxt.c:715
715	        *outlen = length;
(gdb) bt
#0  0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, 
    outlen=0x0, maxout=0, in=0x0, inlen=0) at pk11cxt.c:715
#1  0x00007ffff70ca821 in sec_PKCS7Encrypt (obj=0x6cffd0, output=0x0, 
    output_len_p=0x0, max_output_len=0, input=0x0, input_len=0, final=1)
    at p7local.c:624
#2  0x00007ffff70c8ca9 in sec_pkcs7_encoder_work_data (p7ecx=0x6cdb90, 
    dest=0x0, data=0x0, len=0, final=1) at p7encode.c:513
#3  0x00007ffff70c994f in SEC_PKCS7EncoderFinish (p7ecx=0x6cdb90, pwfn=0x0, 
    pwfnarg=0x0) at p7encode.c:896
#4  0x00007ffff70bcaa3 in sec_pkcs12_encoder_asafe_process (p12ecx=0x6d9030)
    at p12e.c:1821
#5  0x00007ffff70bcfea in SEC_PKCS12Encode (p12exp=0x6d1220, 
    output=0x405c13 <p12u_WriteToExportFile>, outputarg=0x6cef50)
    at p12e.c:2021

This is because NULL is passed as output_len_p to sec_PKCS7Encrypt, which expects it non-NULL.

I thought that the test has tests for those PBEs, but they seem to be excluded by a typo:
where the second argument to export_list_import should be "${cert_cipher}".

I am attaching a patch for those.
Attachment #8850900 - Flags: review?(rrelyea)
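
The failure mode reported above (a final, empty flush that passes NULL for the output-length pointer to a routine that writes through it unconditionally), as an added stand-alone C example that is not NSS code and not part of the bug report or its patch. All function names are hypothetical and the XOR "cipher" is a toy stand-in for a stream cipher; it shows two defensive options, a callee-side NULL check and a caller-side scratch length.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*cipher_op_fn)(unsigned char *out, size_t *outlen, size_t maxout,
                            const unsigned char *in, size_t inlen);

/* Hypothetical stand-in for the crashing frame: reports bytes produced via *outlen. */
static int cipher_op_unchecked(unsigned char *out, size_t *outlen, size_t maxout,
                               const unsigned char *in, size_t inlen)
{
    if (inlen > maxout)
        return -1;
    for (size_t i = 0; i < inlen; i++)
        out[i] = in[i] ^ 0x5a;      /* toy keystream, constructed for the example */
    *outlen = inlen;                /* same pattern as "*outlen = length;" in the trace:
                                       faults if the caller passed outlen == NULL */
    return 0;
}

/* Callee-side hardening: reject a NULL length slot (and NULL buffers with data). */
static int cipher_op_checked(unsigned char *out, size_t *outlen, size_t maxout,
                             const unsigned char *in, size_t inlen)
{
    if (outlen == NULL || (inlen != 0 && (in == NULL || out == NULL)))
        return -1;
    return cipher_op_unchecked(out, outlen, maxout, in, inlen);
}

/* Caller-side hardening: the final flush has nothing to emit (out=NULL, in=NULL,
 * len=0, as in the backtrace) but still hands the callee a real length slot. */
static int encoder_finish(cipher_op_fn op, size_t *written)
{
    size_t scratch = 0;
    int rv = op(NULL, &scratch, 0, NULL, 0);
    if (written != NULL)
        *written = scratch;
    return rv;
}

int main(void)
{
    size_t n = 99;
    printf("checked op, NULL outlen: %d\n", cipher_op_checked(NULL, NULL, 0, NULL, 0));
    printf("finish via unchecked op: %d (written=%zu)\n",
           encoder_finish(cipher_op_unchecked, &n), n);
    return 0;
}
```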
Comment on attachment 8850900

Review of attachment 8850900:

r+ rrelyea
Thanks for updating the tests as well.
Attachment #8850900 - Flags: review?(rrelyea) → review+
Thank you for the review.
Kai, could you push this when you have time?
Flags: needinfo?(kaie)
Assignee: nobody → dueno
Flags: needinfo?(kaie)
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.31
Sorry, the other patch in bug 1350332 revealed a typo in the cipher name used in the script. I am attaching a follow-up patch for this.
Attachment #8854873 - Flags: review?(kaie)
Comment on attachment 8854873

Attachment #8854873 - Flags: review?(kaie) → review+