Closed Bug 1350281 Opened 8 years ago Closed 8 years ago

pk12util crashes with RC4 PBEs

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ueno, Assigned: ueno)

Details

Attachments

(2 files)

nss-pkcs12-rc4.patch
1.25 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
nss-pk12util-test-typo.patch
709 bytes, patch
KaiE
: review+
Details | Diff | Splinter Review
Hubert discovered that pk12util crashes when exporting a bundle encrypted with PKCS#5v2 RC4 PBE: https://bugzilla.redhat.com/show_bug.cgi?id=1384147#c6 It is also the case with the other RC4 PBEs (PKCS#12 or PKCS#5 v1): $ gdb --args ./pk12util -o bundle.p12 -n ca -w pwfile -k pwfile -d sql:nssdb/ -C "PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4" (gdb) r Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, outlen=0x0, maxout=0, in=0x0, inlen=0) at pk11cxt.c:715 715 *outlen = length; (gdb) bt #0 0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, outlen=0x0, maxout=0, in=0x0, inlen=0) at pk11cxt.c:715 #1 0x00007ffff70ca821 in sec_PKCS7Encrypt (obj=0x6cffd0, output=0x0, output_len_p=0x0, max_output_len=0, input=0x0, input_len=0, final=1) at p7local.c:624 #2 0x00007ffff70c8ca9 in sec_pkcs7_encoder_work_data (p7ecx=0x6cdb90, dest=0x0, data=0x0, len=0, final=1) at p7encode.c:513 #3 0x00007ffff70c994f in SEC_PKCS7EncoderFinish (p7ecx=0x6cdb90, pwfn=0x0, pwfnarg=0x0) at p7encode.c:896 #4 0x00007ffff70bcaa3 in sec_pkcs12_encoder_asafe_process (p12ecx=0x6d9030) at p12e.c:1821 #5 0x00007ffff70bcfea in SEC_PKCS12Encode (p12exp=0x6d1220, output=0x405c13 <p12u_WriteToExportFile>, outputarg=0x6cef50) at p12e.c:2021 This is because NULL is passed as output_len_p to sec_PKCS7Encrypt, which expects it non-NULL. I thought that the tools.sh test has tests for those PBEs, but it seems to be excluded by a typo: https://dxr.mozilla.org/mozilla-central/source/security/nss/tests/tools/tools.sh#328 where the second argument to export_list_import should be "${cert_cipher}". I am attaching a patch for those.
Attachment #8850900 - Flags: review?(rrelyea)
Comment on attachment 8850900 [details] [diff] [review] nss-pkcs12-rc4.patch Review of attachment 8850900 [details] [diff] [review]: ----------------------------------------------------------------- r+ rrelyea Thanks for updating the tests as well.
Attachment #8850900 - Flags: review?(rrelyea) → review+
Thank you for the review. Kai, could you push this when you have time?
Flags: needinfo?(kaie)
Assignee: nobody → dueno
Flags: needinfo?(kaie)
https://hg.mozilla.org/projects/nss/rev/1a92227d914a9f3a81563411846d5b189d6fd5c7
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.31
Sorry, the other patch in bug 1350332 revealed a typo in cipher name used in the tools.sh script. I am attaching a follow-up patch for this.
Attachment #8854873 - Flags: review?(kaie)
Comment on attachment 8854873 [details] [diff] [review] nss-pk12util-test-typo.patch r=kaie
Attachment #8854873 - Flags: review?(kaie) → review+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: