Bug 198099 - certutil crashes when listing DSA certificate
Status: RESOLVED FIXED
Whiteboard: [3.7.5]
Product: NSS
Classification: Components
Component: Tools
Version: 3.7.2
Platform: All All
Importance: P1 critical
Target Milestone: 3.8
Assigned To: Nelson Bolyard (seldom reads bugmail)
QA Contact: Bishakha Banerjee
Duplicates: 211039

Reported: 2003-03-18 14:38 PST by Jamie Nicolson
Modified: 2003-06-30 10:16 PDT

Attachments
Don't crash when printing integers at null addresses (1.02 KB, patch)
2003-03-21 21:18 PST, Nelson Bolyard (seldom reads bugmail)
no flags
Add ability to format and print DSA certs, too. (2.78 KB, patch)
2003-03-24 16:21 PST, Nelson Bolyard (seldom reads bugmail)
jamie-bugzilla: review+

Description Jamie Nicolson 2003-03-18 14:38:57 PST
I created a DSA certificate with the following certutil command:
certutil -d . -S -s "cn=NAme,o=Netscape" -x -m 1 -v 60 -k dsa -g 512 -n TestCert -t "Tu,Tu,Tu"

Then I try to list it and I get:

> certutil -d . -L -n TestCert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest
        Issuer: CN=NAme, O=Netscape
        Validity:
            Not Before: Tue Mar 18 22:36:36 2003
            Not After: Wed Jun 18 22:36:36 2008
        Subject: CN=NAme, O=Netscape
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:81:9c:02:41:00:8d:f2:a4:94:49:22:76:aa:3d:
                    25:75:9b:b0:68:69:cb:ea:c0:d8:3a:fb:8d:0c:f7:
                    cb:b8:32:4f:0d:78:82:e5:d0:76:2f:c5:b7:21:0e:
                    af:c2:e9:ad:ac:32:ab:7a:ac:49:69:3d:fb:f8:37:
                    24:c2:ec:07:36:ee:31:c8:02:91:02:15:00:c7:73:
                    21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:f4:8e:da:
                    ce:91:5f:02:40:62:6d:02:78:39:ea:0a:13:41:31:
                    63:a5:5b:4c:b5:00:29:9d:55:22:95:6c:ef:cb:3b:
                    ff:10:f3:99:ce:2c:2e:71:cb:9d:e5:fa:24:ba:bf:
                    58:e5:b7:95:21:92:5c:9c:c4:2e:9f:6f:46:4b:08:
                    8c:c5:72:af:53:e6:d7:88:02
            DSA Public Key:
Segmentation fault (core dumped)

Stack Trace:

=>[1] DER_GetInteger(it = 0xa018c), line 216 in "dersubr.c"
  [2] SECU_PrintInteger(out = 0xfef4028c, i = 0xa018c, m = 0x57914 "Prime",
level = 4), line 804 in "secutil.c"
  [3] secu_PrintDSAPublicKey(out = 0xfef4028c, pk = 0xa0178, m = 0x57964 "DSA
Public Key", level = 3), line 1203 in "secutil.c"
  [4] secu_PrintSubjectPublicKeyInfo(out = 0xfef4028c, arena = 0x9c298, i =
0x9b2a4, msg = 0x57acc "Subject Public Key Info", level = 2), line 1239 in
"secutil.c"
  [5] SECU_PrintCertificate(out = 0xfef4028c, der = 0x9d3a8, m = 0x57d68 "Data",
level = 1), line 1730 in "secutil.c"
  [6] SECU_PrintSignedData(out = 0xfef4028c, der = 0xffbef8dc, m = 0x56e0c
"Certificate", level = 0, inner = 0x29308 = &SECU_PrintCertificate(FILE *out,
struct SECItemStr *der, char *m, int level)), line 2371 in "secutil.c"
  [7] printCertCB(cert = 0x94a68, arg = 0x94ee8), line 521 in "certutil.c"
  [8] listCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw
= 0, ascii = 0, outfile = 0x64378, pwarg = 0xffbefaec), line 599 in "certutil.c"
  [9] ListCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw
= 0, ascii = 0, outfile = 0x64378, pwdata = 0xffbefaec), line 643 in "certutil.c"
  [10] main(argc = 6, argv = 0xffbefba4), line 2567 in "certutil.c"


It looks like the PQG parameters in the public key are all empty SECItems, and
we dereference a NULL pointer when we try to print them out.

Comment 1 Jamie Nicolson 2003-03-18 14:39:48 PST
This was actually with NSS 3.7.2 RTM.

Comment 2 Wan-Teh Chang 2003-03-18 16:33:37 PST
Assigned the bug to Nelson.

Do you have a patch, Jamie?

Comment 3 Nelson Bolyard (seldom reads bugmail) 2003-03-21 21:18:17 PST
Created attachment 118127
Don't crash when printing integers at null addresses

This patch solves the immediate problem, the crash attempting to print an
integer at a null address.  It also improves the printing of hex "strings"
to generally print no more than 16 pairs of "nybbles" per line, and not wrap
lines prematurely.

The bigger issue is that apparently certutil has never properly parsed and 
printed the PQG parameters in DSA certificates.  This patch does not attempt
to fix that.  I'll work on another patch to address that.
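
Added example, not part of the bug report and not the NSS patch: a null-safe integer formatter of the kind Comment 3 describes, which reports an empty item instead of dereferencing it and wraps long values at 16 byte pairs per line. The names `item_t` and `format_integer`, the return codes and the `(null)` placeholder are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for NSS's SECItem: a byte pointer plus a length. */
typedef struct { const unsigned char *data; size_t len; } item_t;

/* Format a DER INTEGER body into buf (names and return codes are this
 * example's own). Returns 0 on success, -1 for a NULL or empty item (the
 * state that crashed the printer), -2 if buf is too small. Up to 4 bytes
 * print as decimal; longer values as hex, at most 16 byte pairs per line. */
int format_integer(const item_t *it, char *buf, size_t cap)
{
    size_t used = 0, i;
    int n;

    if (cap == 0) return -2;
    buf[0] = '\0';
    if (it == NULL || it->data == NULL || it->len == 0) {
        n = snprintf(buf, cap, "(null)");   /* placeholder chosen here */
        return (n < 0 || (size_t)n >= cap) ? -2 : -1;
    }
    if (it->len <= 4) {
        /* Sign-extend from the first byte, then shift in the rest. */
        long v = (it->data[0] & 0x80) ? -1L : 0L;
        for (i = 0; i < it->len; i++)
            v = (long)(((unsigned long)v << 8) | it->data[i]);
        n = snprintf(buf, cap, "%ld", v);
        return (n < 0 || (size_t)n >= cap) ? -2 : 0;
    }
    for (i = 0; i < it->len; i++) {
        const char *sep = (i + 1 == it->len) ? "" : (i % 16 == 15) ? ":\n" : ":";
        n = snprintf(buf + used, cap - used, "%02x%s", it->data[i], sep);
        if (n < 0 || (size_t)n >= cap - used) return -2;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    item_t empty = { NULL, 0 };   /* constructed: an unparsed DSA parameter */
    int rc = format_integer(&empty, buf, sizeof buf);
    printf("Prime: %s (rc=%d)\n", buf, rc);
    return 0;
}
```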

Comment 4 Nelson Bolyard (seldom reads bugmail) 2003-03-24 16:21:35 PST
Created attachment 118363
Add ability to format and print DSA certs, too.

This patch adds the ability to correctly extract DSA public keys, so that they
can be correctly displayed.

Comment 5 Nelson Bolyard (seldom reads bugmail) 2003-03-24 16:23:27 PST
Comment on attachment 118363
Add ability to format and print DSA certs, too.

please review.

Comment 6 Jamie Nicolson 2003-03-24 17:14:20 PST
Comment on attachment 118363
Add ability to format and print DSA certs, too.

Looks good.

Comment 7 Nelson Bolyard (seldom reads bugmail) 2003-03-24 19:46:13 PST
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v  <--  secutil.c
new revision: 1.44; previous revision: 1.43

Fix checked in.  Changed bug to show this affects all platforms.

Comment 8 Wan-Teh Chang 2003-05-14 14:58:12 PDT
Backported the fix to the NSS_3_7_BRANCH for 3.7.5.

Comment 9 Wan-Teh Chang 2003-06-30 10:16:54 PDT
*** Bug 211039 has been marked as a duplicate of this bug. ***