I created a DSA certificate with the following certutil command: certutil -d . -S -s "cn=NAme,o=Netscape" -x -m 1 -v 60 -k dsa -g 512 -n TestCert -t "Tu,Tu,Tu" Then I try to list it and I get: > certutil -d . -L -n TestCert Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest Issuer: CN=NAme, O=Netscape Validity: Not Before: Tue Mar 18 22:36:36 2003 Not After: Wed Jun 18 22:36:36 2008 Subject: CN=NAme, O=Netscape Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:81:9c:02:41:00:8d:f2:a4:94:49:22:76:aa:3d: 25:75:9b:b0:68:69:cb:ea:c0:d8:3a:fb:8d:0c:f7: cb:b8:32:4f:0d:78:82:e5:d0:76:2f:c5:b7:21:0e: af:c2:e9:ad:ac:32:ab:7a:ac:49:69:3d:fb:f8:37: 24:c2:ec:07:36:ee:31:c8:02:91:02:15:00:c7:73: 21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:f4:8e:da: ce:91:5f:02:40:62:6d:02:78:39:ea:0a:13:41:31: 63:a5:5b:4c:b5:00:29:9d:55:22:95:6c:ef:cb:3b: ff:10:f3:99:ce:2c:2e:71:cb:9d:e5:fa:24:ba:bf: 58:e5:b7:95:21:92:5c:9c:c4:2e:9f:6f:46:4b:08: 8c:c5:72:af:53:e6:d7:88:02 DSA Public Key: Segmentation fault (core dumped) Stack Trace: => DER_GetInteger(it = 0xa018c), line 216 in "dersubr.c"  SECU_PrintInteger(out = 0xfef4028c, i = 0xa018c, m = 0x57914 "Prime", level = 4), line 804 in "secutil.c"  secu_PrintDSAPublicKey(out = 0xfef4028c, pk = 0xa0178, m = 0x57964 "DSA Public Key", level = 3), line 1203 in "secutil.c"  secu_PrintSubjectPublicKeyInfo(out = 0xfef4028c, arena = 0x9c298, i = 0x9b2a4, msg = 0x57acc "Subject Public Key Info", level = 2), line 1239 in "secutil.c"  SECU_PrintCertificate(out = 0xfef4028c, der = 0x9d3a8, m = 0x57d68 "Data", level = 1), line 1730 in "secutil.c"  SECU_PrintSignedData(out = 0xfef4028c, der = 0xffbef8dc, m = 0x56e0c "Certificate", level = 0, inner = 0x29308 = &SECU_PrintCertificate(FILE *out, struct SECItemStr *der, char *m, int level)), line 2371 in "secutil.c"  printCertCB(cert = 0x94a68, arg = 0x94ee8), line 521 in "certutil.c"  listCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw = 0, ascii = 0, outfile = 0x64378, pwarg = 0xffbefaec), line 599 in "certutil.c"  ListCerts(handle = 0x85e68, name = 0x63a70 "TestCert", slot = 0x8f980, raw = 0, ascii = 0, outfile = 0x64378, pwdata = 0xffbefaec), line 643 in "certutil.c"  main(argc = 6, argv = 0xffbefba4), line 2567 in "certutil.c" It looks like the PQG parameters in the public key are all empty SECItems, and we dereference a NULL pointer when we try to print them out.
This was actually with NSS 3.7.2 RTM.
Assigned the bug to Nelson. Do you have a patch, Jamie?
Created attachment 118127 [details] [diff] [review] Don't crash when printing integers at null addresses This patch solves the immediate problem, the crash attempting to print an integer at a null address. It also improves the printing of hex "strings" to geneally print no more than 16 pairs of "nybbles" per line, and not wrap lines prematurely. The bigger issue is that apparently certutil has never properly parsed and printed the PQG parameters in DSA certificates. This patch does not attempt to fix that. I'll work on another patch to address that.
Created attachment 118363 [details] [diff] [review] Add ability to format and print DSA certs, too. This patch adds the ability to correctly extract DSA public keys, so that they can be correctly displayed.
Comment on attachment 118363 [details] [diff] [review] Add ability to format and print DSA certs, too. please review.
Comment on attachment 118363 [details] [diff] [review] Add ability to format and print DSA certs, too. Looks good.
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v <-- secutil.c new revision: 1.44; previous revision: 1.43 Fix checked in. Changed bug to show this affects all platforms.
Backported the fix to the NSS_3_7_BRANCH for 3.7.5.
*** Bug 211039 has been marked as a duplicate of this bug. ***