Closed Bug 1923767 (CVE-2024-11706) Opened 1 year ago Closed 1 year ago

Segmentation fault in pk12util

Categories

(NSS :: Libraries, defect, P3)

3.99

Tracking

(firefox-esr115 wontfix, firefox-esr128 fixed, firefox131 wontfix, firefox132 wontfix, firefox133 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr115 --- wontfix
firefox-esr128 --- fixed
firefox131 --- wontfix
firefox132 --- wontfix
firefox133 --- fixed

People

(Reporter: marc, Assigned: jschanck)

References

Details

(Keywords: reporter-external, sec-low, Whiteboard: [nss-nofx][post-critsmash-triage][adv-main133+])

Attachments

(3 files)

Steps to reproduce:

/usr/bin/pk12util -W '' -l SEC_ASN1DecodeItem_Util.pk12

Actual results:

A near np-deref.

(gdb) bt
#0 SEC_ASN1DecodeItem_Util (poolp=poolp@entry=0x555555585480, dest=dest@entry=0x555555589db0, theTemplate=0x7ffff7ef9fa0 <CERT_SignedDataTemplate>,
src=src@entry=0x0) at /build/nss-NH8lp7/nss-3.98/nss/lib/util/secasn1d.c:3148
#1 0x0000555555559a89 in secu_PrintSignedDataSigOpt (level=0, inner=<optimized out>, signatureOption=withSignature, m=0x55555556229c "", der=0x0,
out=0x7ffff7dc25c0 <_IO_2_1_stdout_>) at ../lib/secutil.c:3507
#2 SECU_PrintSignedData (level=0, inner=<optimized out>, m=0x55555556229c "", der=0x0, out=0x7ffff7dc25c0 <_IO_2_1_stdout_>) at ../lib/secutil.c:3536
#3 P12U_ListPKCS12File (p12FilePw=0x7fffffffd9b0, slotPw=0x7fffffffd9c0, slot=0x555555577040, in_file=0x555555568050 "SEC_ASN1DecodeItem_Util.pk12")
at /usr/src/nss-2:3.98-1build1/nss/cmd/pk12util/pk12util.c:819
#4 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/nss-2:3.98-1build1/nss/cmd/pk12util/pk12util.c:1199
(gdb) disass $pc-20,$pc+20
Dump of assembler code from 0x7ffff7f8a2f0 to 0x7ffff7f8a318:
0x00007ffff7f8a2f0 <SEC_ASN1Decode_Util+96>: (bad)
0x00007ffff7f8a2f1 <SEC_ASN1Decode_Util+97>: (bad)
0x00007ffff7f8a2f2 <SEC_ASN1Decode_Util+98>: jmp (bad)
0x00007ffff7f8a2f3 <SEC_ASN1Decode_Util+99>: jmp 0x7ffff7f8a2df <SEC_ASN1Decode_Util+79>
0x00007ffff7f8a2f5: data16 cs nop WORD PTR [rax+rax*1+0x0]
0x00007ffff7f8a300 <SEC_ASN1DecodeItem_Util+0>: endbr64
=> 0x00007ffff7f8a304 <SEC_ASN1DecodeItem_Util+4>: mov rax,QWORD PTR [rcx+0x8]
0x00007ffff7f8a308 <SEC_ASN1DecodeItem_Util+8>: mov r8d,DWORD PTR [rcx+0x10]
0x00007ffff7f8a30c <SEC_ASN1DecodeItem_Util+12>: mov rcx,rax
0x00007ffff7f8a30f <SEC_ASN1DecodeItem_Util+15>: jmp 0x7ffff7f8a290 <SEC_ASN1Decode_Util>
0x00007ffff7f8a314: data16 cs nop WORD PTR [rax+rax*1+0x0]
End of assembler dump.

(gdb) info registers rax rcx
rax 0x555555589db0 93824992452016
rcx 0x0 0

Expected results:

Have a nice error message due to a format constraint violation.

Note 1: Ignore the version above; this happens in the Ubuntu 24.04.1 package (Installed: 2:3.98-1build1).
Note 2: The security flag was set as an initial assumption, but please adjust it according to your triage.
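To tie the disassembly and register dump above back to the source, here is an added C example; it is not NSS code and not one of the bug's attachments. It reproduces the public SECItem layout from NSS's seccomon.h (assumed unchanged, on an LP64 x86-64 build like the reporter's) and checks that the two faulting loads, `[rcx+0x8]` and `[rcx+0x10]`, are exactly `src->data` and `src->len` of the NULL `src` seen in the backtrace. It then shows the input guard a caller such as the printing path in frame #1 needs so that a missing element produces an error instead of a crash. The names `check_decode_input`, `secitem_data_offset` and `secitem_len_offset` are hypothetical helpers introduced for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: SECItem as declared in NSS lib/util/seccomon.h, copied here so
 * the example builds without NSS headers. */
typedef enum { siBuffer = 0 } SECItemType;
typedef struct {
    SECItemType type;       /* 4 bytes, then 4 bytes of padding on LP64 */
    unsigned char *data;    /* expected at offset 0x8  -> [rcx+0x8]  */
    unsigned int len;       /* expected at offset 0x10 -> [rcx+0x10] */
} SECItem;

typedef enum { SECFailure = -1, SECSuccess = 0 } SECStatus;

/* Offsets of the fields the crashing instructions read through rcx == src. */
size_t secitem_data_offset(void) { return offsetof(SECItem, data); }
size_t secitem_len_offset(void)  { return offsetof(SECItem, len); }

/* Guard a caller should apply before handing a SECItem to the ASN.1 decoder.
 * A NULL item (the backtrace's der=0x0) or a non-empty item without a data
 * pointer is a format constraint violation: report it, never dereference it. */
SECStatus check_decode_input(const SECItem *src, const char **reason)
{
    if (src == NULL) {
        *reason = "missing element: no DER to decode";
        return SECFailure;
    }
    if (src->data == NULL && src->len != 0) {
        *reason = "malformed element: length given but no data";
        return SECFailure;
    }
    *reason = NULL;
    return SECSuccess;
}

int main(void)
{
    const char *why;
    /* Constructed input: a two-byte empty DER SEQUENCE (0x30 0x00). */
    unsigned char bytes[] = { 0x30, 0x00 };
    SECItem ok = { siBuffer, bytes, sizeof bytes };

    printf("SECItem.data at 0x%zx, SECItem.len at 0x%zx\n",
           secitem_data_offset(), secitem_len_offset());

    if (check_decode_input(NULL, &why) != SECSuccess)
        printf("NULL item rejected: %s\n", why);
    if (check_decode_input(&ok, &why) == SECSuccess)
        printf("valid item accepted\n");
    return 0;
}
```

With the offsets confirmed, the faulting `mov rax,QWORD PTR [rcx+0x8]` reads as `src->data` with `src == NULL`; the guard moves the failure to the caller, where a message like the one the reporter expects can be printed.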

Summary: Segmentation fault in pk12 → Segmentation fault in pk12util
Assignee: nobody → jschanck
Severity: -- → S4
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: sec-low
Priority: -- → P3
Whiteboard: [nss-nofx]
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Group: crypto-core-security → core-security-release
Flags: qe-verify-
Whiteboard: [nss-nofx] → [nss-nofx][post-critsmash-triage]
Whiteboard: [nss-nofx][post-critsmash-triage] → [nss-nofx][post-critsmash-triage][adv-main133+]
Attached file advisory.txt
Alias: CVE-2024-11706

Should this have been part of MFSA2024-63, when it doesn't affect Firefox directly (only NSS command-line tools, which aren't shipped with Firefox)?

Duplicate of this bug: 1933031
No longer duplicate of this bug: 1933031
Blocks: 1936150
Group: core-security-release
