Closed Bug 1350281 Opened 3 years ago Closed 3 years ago

pk12util crashes with RC4 PBEs

Categories

(NSS :: Tools, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ueno, Assigned: ueno)

Details

Attachments

(2 files)

Hubert discovered that pk12util crashes when exporting a bundle encrypted with PKCS#5v2 RC4 PBE:
https://bugzilla.redhat.com/show_bug.cgi?id=1384147#c6

It is also the case with the other RC4 PBEs (PKCS#12 or PKCS#5 v1):

$ gdb --args ./pk12util -o bundle.p12 -n ca -w pwfile -k pwfile -d sql:nssdb/ -C "PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4"
(gdb) r
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, outlen=0x0, 
    maxout=0, in=0x0, inlen=0) at pk11cxt.c:715
715	        *outlen = length;
(gdb) bt
#0  0x00007ffff6d7e4ac in PK11_CipherOp (context=0x68f3d0, out=0x0, 
    outlen=0x0, maxout=0, in=0x0, inlen=0) at pk11cxt.c:715
#1  0x00007ffff70ca821 in sec_PKCS7Encrypt (obj=0x6cffd0, output=0x0, 
    output_len_p=0x0, max_output_len=0, input=0x0, input_len=0, final=1)
    at p7local.c:624
#2  0x00007ffff70c8ca9 in sec_pkcs7_encoder_work_data (p7ecx=0x6cdb90, 
    dest=0x0, data=0x0, len=0, final=1) at p7encode.c:513
#3  0x00007ffff70c994f in SEC_PKCS7EncoderFinish (p7ecx=0x6cdb90, pwfn=0x0, 
    pwfnarg=0x0) at p7encode.c:896
#4  0x00007ffff70bcaa3 in sec_pkcs12_encoder_asafe_process (p12ecx=0x6d9030)
    at p12e.c:1821
#5  0x00007ffff70bcfea in SEC_PKCS12Encode (p12exp=0x6d1220, 
    output=0x405c13 <p12u_WriteToExportFile>, outputarg=0x6cef50)
    at p12e.c:2021

This is because NULL is passed as output_len_p to sec_PKCS7Encrypt, which expects it non-NULL.

I thought that the tools.sh test has tests for those PBEs, but it seems to be excluded by a typo:
https://dxr.mozilla.org/mozilla-central/source/security/nss/tests/tools/tools.sh#328
where the second argument to export_list_import should be "${cert_cipher}".

I am attaching a patch for those.
Attachment #8850900 - Flags: review?(rrelyea)
Comment on attachment 8850900 [details] [diff] [review]
nss-pkcs12-rc4.patch

Review of attachment 8850900 [details] [diff] [review]:
-----------------------------------------------------------------

r+ rrelyea
Thanks for updating the tests as well.
Attachment #8850900 - Flags: review?(rrelyea) → review+
Thank you for the review.
Kai, could you push this when you have time?
Flags: needinfo?(kaie)
Assignee: nobody → dueno
Flags: needinfo?(kaie)
https://hg.mozilla.org/projects/nss/rev/1a92227d914a9f3a81563411846d5b189d6fd5c7
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.31
Sorry, the other patch in bug 1350332 revealed a typo in cipher name used in the tools.sh script.  I am attaching a follow-up patch for this.
Attachment #8854873 - Flags: review?(kaie)
Comment on attachment 8854873 [details] [diff] [review]
nss-pk12util-test-typo.patch

r=kaie
Attachment #8854873 - Flags: review?(kaie) → review+
You need to log in before you can comment on or make changes to this bug.