certutil crashes when listing DSA certificate

RESOLVED FIXED in 3.8

Status

NSS
Tools
P1
critical
RESOLVED FIXED
15 years ago
14 years ago

People

(Reporter: Jamie Nicolson, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [3.7.5])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

15 years ago
I created a DSA certificate with the following certutil command:
certutil -d . -S -s "cn=NAme,o=Netscape" -x -m 1 -v 60 -k dsa -g 512 -n TestCert
-t "Tu,Tu,Tu"

Then I try to list it and I get:

> certutil -d . -L -n TestCert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest
        Issuer: CN=NAme, O=Netscape
        Validity:
            Not Before: Tue Mar 18 22:36:36 2003
            Not After: Wed Jun 18 22:36:36 2008
        Subject: CN=NAme, O=Netscape
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:81:9c:02:41:00:8d:f2:a4:94:49:22:76:aa:3d:
                    25:75:9b:b0:68:69:cb:ea:c0:d8:3a:fb:8d:0c:f7:
                    cb:b8:32:4f:0d:78:82:e5:d0:76:2f:c5:b7:21:0e:
                    af:c2:e9:ad:ac:32:ab:7a:ac:49:69:3d:fb:f8:37:
                    24:c2:ec:07:36:ee:31:c8:02:91:02:15:00:c7:73:
                    21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:f4:8e:da:
                    ce:91:5f:02:40:62:6d:02:78:39:ea:0a:13:41:31:
                    63:a5:5b:4c:b5:00:29:9d:55:22:95:6c:ef:cb:3b:
                    ff:10:f3:99:ce:2c:2e:71:cb:9d:e5:fa:24:ba:bf:
                    58:e5:b7:95:21:92:5c:9c:c4:2e:9f:6f:46:4b:08:
                    8c:c5:72:af:53:e6:d7:88:02
            DSA Public Key:
Segmentation fault (core dumped)

Stack Trace:

=>[1] DER_GetInteger(it = 0xa018c), line 216 in "dersubr.c"
  [2] SECU_PrintInteger(out = 0xfef4028c, i = 0xa018c, m = 0x57914 "Prime",
level = 4), line 804 in "secutil.c"
  [3] secu_PrintDSAPublicKey(out = 0xfef4028c, pk = 0xa0178, m = 0x57964 "DSA
Public Key", level = 3), line 1203 in "secutil.c"
  [4] secu_PrintSubjectPublicKeyInfo(out = 0xfef4028c, arena = 0x9c298, i =
0x9b2a4, msg = 0x57acc "Subject Public Key Info", level = 2), line 1239 in
"secutil.c"
  [5] SECU_PrintCertificate(out = 0xfef4028c, der = 0x9d3a8, m = 0x57d68 "Data",
level = 1), line 1730 in "secutil.c"
  [6] SECU_PrintSignedData(out = 0xfef4028c, der = 0xffbef8dc, m = 0x56e0c
"Certificate", level = 0, inner = 0x29308 = &SECU_PrintCertificate(FILE *out,
struct SECItemStr *der, char *m, int level)), line 2371 in "secutil.c"
  [7] printCertCB(cert = 0x94a68, arg = 0x94ee8), line 521 in "certutil.c"
  [8] listCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw
= 0, ascii = 0, outfile = 0x64378, pwarg = 0xffbefaec), line 599 in "certutil.c"
  [9] ListCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw
= 0, ascii = 0, outfile = 0x64378, pwdata = 0xffbefaec), line 643 in "certutil.c"
  [10] main(argc = 6, argv = 0xffbefba4), line 2567 in "certutil.c"


It looks like the PQG parameters in the public key are all empty SECItems, and
we dereference a NULL pointer when we try to print them out.
(Reporter)

Comment 1

15 years ago
This was actually with NSS 3.7.2 RTM.

Comment 2

15 years ago
Assigned the bug to Nelson.

Do you have a patch, Jamie?
Assignee: wtc → nelsonb
Priority: -- → P2
Target Milestone: --- → 3.8
Version: 3.7.1 → 3.7.2
(Assignee)

Comment 3

15 years ago
Created attachment 118127 [details] [diff] [review]
Don't crash when printing integers at null addresses

This patch solves the immediate problem, the crash attempting to print an
integer at a null address.  It also improves the printing of hex "strings"
to geneally print no more than 16 pairs of "nybbles" per line, and not wrap
lines prematurely.  

The bigger issue is that apparently certutil has never properly parsed and 
printed the PQG parameters in DSA certificates.  This patch does not attempt
to fix that.  I'll work on another patch to address that.
(Assignee)

Updated

15 years ago
Attachment #118127 - Flags: review?(jpierre)
(Assignee)

Comment 4

15 years ago
Created attachment 118363 [details] [diff] [review]
Add ability to format and print DSA certs, too.

This patch adds the ability to correctly extract DSA public keys, so that they
can be correctly displayed.
(Assignee)

Updated

15 years ago
Attachment #118127 - Attachment is obsolete: true
(Assignee)

Comment 5

15 years ago
Comment on attachment 118363 [details] [diff] [review]
Add ability to format and print DSA certs, too.

please review.
Attachment #118363 - Flags: review?(nicolson)
(Reporter)

Comment 6

15 years ago
Comment on attachment 118363 [details] [diff] [review]
Add ability to format and print DSA certs, too.

Looks good.
Attachment #118363 - Flags: review?(nicolson) → review+
(Assignee)

Comment 7

15 years ago
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v  <--  secutil.c
new revision: 1.44; previous revision: 1.43

Fix checked in.  Changed bug to show this affects all platforms.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
OS: Solaris → All
Priority: P2 → P1
Hardware: Sun → All
Resolution: --- → FIXED

Comment 8

15 years ago
Backported the fix to the NSS_3_7_BRANCH for 3.7.5.
Whiteboard: [3.7.5]

Comment 9

14 years ago
*** Bug 211039 has been marked as a duplicate of this bug. ***

Updated

14 years ago
Attachment #118127 - Flags: review?(jpierre)
You need to log in before you can comment on or make changes to this bug.