Closed Bug 280941 Opened 20 years ago Closed 20 years ago

Crashing when viewing some certs ie certutil -L -d ./ -n "certname"

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Platform:
Other
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 132942

People

(Reporter: wardish, Assigned: wtc)

Details

Attachments

(2 files)

Der cert for test server that exhibits the problem.
1.61 KB, application/octet-stream
Details
output of certutil and pp on this cert
4.02 KB, text/plain
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Build Identifier: certutil from NSS 3.3.10 Mar 25 2004 00:37:23 When attempting to view some certs via 'certutil -L -d ./ -n "certname"' certutil seg faults. Usually the portion of the cert information displayed has a corrupted look. I have compared a number of different certs some of which work fine other's of which cause a seg fault. I noted the following, ordered on my thought of how likely: 1. The size of Authority Information Access is MUCH greater in all cases where certutil crashes. 2. The size of CRL Distribution Points is only slightly smaller than the above and again is much greater than the certs that do not crash certutil. 3. Authority Information Access has 2 data sets [1] and [2] as opposed to one or not existing in the certs that do not crash certutil. 4. Authority Key Identifier, All certs causing a crash have this Extension. 5. Authority Information Access method on [1] not On-line Certification Status Protocol Note my first guess as to the cause of this problem is a buffer overrun caused by a larger than expected dataset therefore items 1 and 2. Some examples of the problem: --- CRL Distribution Points Data: Sequence { "p ‚l ‚h†vhttp://test-certificates.myworkinpl" 69:63:61:2e:63:6f:6d:2f:69:43:41:2f:63:72:6c:64: 61:74:61:2f:42:4f:41:32:25:32:30:49:6e:66:72:61: 73:74:72:75:63:74:75:72:65:25:32:30:53:65:72:76: 69:63:65:73:25:32:30:49:6e:74:65:72:6d:65:64:69: 61:74:65:25:32:30:41:75:74:68:6f:72:69:74:79:2e: 63:72:6c:86:81:ed:6c:64:61:70:3a:2f:2f:2f:43:4e: 3d:42:4f:41:32 Segmentation Fault testbox% --- Another example: --- Name: Authority Information Access Data: Sequence { 64:30:81:93:06:08:2b:06:01:05:05:07:30:02:86:81: 86:68:74:74:70:3a:2f:2f:74:65:73:74:2d:63:65:72: 74:69:66:69:63:61:74:65:73:2e:62:61:6e:6b:6f:66: 61:6d Segmentation Fault testbox% --- and a final example: --- Name: CRL Distribution Points Data: Sequence { 64:30:82:01:60:a0:82:01:5c:a0:82:01:58:86:6e:68: 74:74:70:3a:2f:2f:74:65:73:74:2d:63:65:72:74:69: 66:69:63:61:74:65:73:2e:62:61:6e:6b:6f:66:61:6d: 65:72 69:63:61:2e:63:6f:6d:2f:69:43:41:2f:63:72:6c:64: 61:74:61:2f:42:4f:41:32:25:32:30:49:6e:66:72:61: 73:74:72:75:63:74:75:72:65:25:32:30:53:65:72:76: 69:63:65:73:25:32:30:45:61:73:74:25:32:30:41:75: 74:68:6f:72:69:74:79:2e:63:72:6c:86:81:e5:6c:64: 61:70:3a:2f:2f:2f:43:4e:3d:42:4f:41:32:25:32:30: 49:6e:66:72:61 "ructure%20Services%20East% 20Authority,CN=ab1cdefgh01,CN=CDP,CN=Public%20Key% 20Services,CN=Services,CN=Configuration," 44:43:3d:62:61:6e:6b:6f:66:61:6d:65:72:69:63:61: 32:2c:44:43:3d:63:6f:6d:3f:63:65:72:74:69:66:69: 63:61:74:65:52:65:76:6f:63:61:74:69:6f:6e:4c:69: 73:74:3f:62:61:73:65:3f:6f:62:6a:65:63:74:43:6c: 61:73:73:3d:63 52:4c:44:69:73:74:72:69:62:75:74:69:6f:6e:50:6f: 69:6e:74:00:00:00:00:00:0f:6d:98:00:00:00:08:00: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00: 0f:70:30:00:00:01:7e:00:00:00:00:2b:06:01:05:05: 07:01:01:00:00:00:00:00:00:00:00:00:00:00 } Name: Authority Information Access Data: Sequence { "+0†http://test-certificates.myworkin" Segmentation Fault willow% --- Reproducible: Always
NSS 3.3.10 is a Sun internal build, and is supported through Sun. Having said that, I'm sure this is all fixed already in NSS 3.10. I overhauled all the DER-decode-and-print code for NSS 3.10 long ago. Unfortunately, there are no publicly available NSS 3.10 alpha builds yet. I'm not sure how to resolve this bug. worksforme?
Ward, if you attach the DER cert to this bug (as an attachment, not as in inline comment), I can show you what it looks like when NSS 3.10 prints it.
After we confirm NSS 3.10 can print those certs without crashing, we can resolve this bug with target milestone 3.10. The resolution can be WORKSFORME or FIXED. (Ideally we should mark it as a duplicate of the bug report that has the fix for these crashes, but it's not necessary to do that.)
Sorry for the delay in getting this to you, been a rather busy day.
Here's the output of pp for this cert. I also imported the cert into a DB and then listed it with certutil. Certutil output is identical to the pp output, as expected.
Dup'ed against the bug report where this was originally fixed in 3.10 exactly one year ago today! *** This bug has been marked as a duplicate of 132942 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: