Closed Bug 280941 Opened 20 years ago Closed 20 years ago

Crashing when viewing some certs ie certutil -L -d ./ -n "certname"

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Platform:
Other
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 132942

People

(Reporter: wardish, Assigned: wtc)

Details

Attachments

(2 files)

Der cert for test server that exhibits the problem.
1.61 KB, application/octet-stream
Details
output of certutil and pp on this cert
4.02 KB, text/plain
Details 
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: certutil from NSS 3.3.10  Mar 25 2004 00:37:23

When attempting to view some certs via 'certutil -L -d ./ -n "certname"' 
certutil seg faults.  Usually the portion of the cert information displayed 
has a corrupted look.

I have compared a number of different certs some of which work fine other's of 
which cause a seg fault.  I noted the following, ordered on my thought of how 
likely:


1. The size of Authority Information Access is MUCH greater in all cases where 
certutil crashes.
2. The size of CRL Distribution Points is only slightly smaller than the above 
and again is much greater than the certs that do not crash certutil.
3. Authority Information Access has 2 data sets [1] and [2] as opposed to one 
or not existing in the certs that do not crash certutil.
4. Authority Key Identifier, All certs causing a crash have this Extension.
5. Authority Information Access  method on [1] not On-line Certification 
Status Protocol

Note my first guess as to the cause of this problem is a buffer overrun caused 
by a larger than expected dataset therefore items 1 and 2.


Some examples of the problem:
---

                CRL Distribution Points
            Data: Sequence {
                "p ‚l ‚h†vhttp://test-certificates.myworkinpl"
                69:63:61:2e:63:6f:6d:2f:69:43:41:2f:63:72:6c:64:
                61:74:61:2f:42:4f:41:32:25:32:30:49:6e:66:72:61:
                73:74:72:75:63:74:75:72:65:25:32:30:53:65:72:76:
                69:63:65:73:25:32:30:49:6e:74:65:72:6d:65:64:69:
                61:74:65:25:32:30:41:75:74:68:6f:72:69:74:79:2e:
                63:72:6c:86:81:ed:6c:64:61:70:3a:2f:2f:2f:43:4e:
                3d:42:4f:41:32
Segmentation Fault
testbox%
---
Another example:
---
            Name:
                Authority Information Access
            Data: Sequence {
                64:30:81:93:06:08:2b:06:01:05:05:07:30:02:86:81:
                86:68:74:74:70:3a:2f:2f:74:65:73:74:2d:63:65:72:
                74:69:66:69:63:61:74:65:73:2e:62:61:6e:6b:6f:66:
                61:6d
Segmentation Fault
testbox% 
---
and a final example:
---
            Name:
                CRL Distribution Points
            Data: Sequence {
                64:30:82:01:60:a0:82:01:5c:a0:82:01:58:86:6e:68:
                74:74:70:3a:2f:2f:74:65:73:74:2d:63:65:72:74:69:
                66:69:63:61:74:65:73:2e:62:61:6e:6b:6f:66:61:6d:
                65:72
                69:63:61:2e:63:6f:6d:2f:69:43:41:2f:63:72:6c:64:
                61:74:61:2f:42:4f:41:32:25:32:30:49:6e:66:72:61:
                73:74:72:75:63:74:75:72:65:25:32:30:53:65:72:76:
                69:63:65:73:25:32:30:45:61:73:74:25:32:30:41:75:
                74:68:6f:72:69:74:79:2e:63:72:6c:86:81:e5:6c:64:
                61:70:3a:2f:2f:2f:43:4e:3d:42:4f:41:32:25:32:30:
                49:6e:66:72:61
                "ructure%20Services%20East%
20Authority,CN=ab1cdefgh01,CN=CDP,CN=Public%20Key%
20Services,CN=Services,CN=Configuration,"
                44:43:3d:62:61:6e:6b:6f:66:61:6d:65:72:69:63:61:
                32:2c:44:43:3d:63:6f:6d:3f:63:65:72:74:69:66:69:
                63:61:74:65:52:65:76:6f:63:61:74:69:6f:6e:4c:69:
                73:74:3f:62:61:73:65:3f:6f:62:6a:65:63:74:43:6c:
                61:73:73:3d:63
                52:4c:44:69:73:74:72:69:62:75:74:69:6f:6e:50:6f:
                69:6e:74:00:00:00:00:00:0f:6d:98:00:00:00:08:00:
                00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                0f:70:30:00:00:01:7e:00:00:00:00:2b:06:01:05:05:
                07:01:01:00:00:00:00:00:00:00:00:00:00:00
            }

            Name:
                Authority Information Access
            Data: Sequence {
                "+0†http://test-certificates.myworkin"
Segmentation Fault
willow%
---

Reproducible: Always
NSS 3.3.10 is a Sun internal build, and is supported through Sun.

Having said that, I'm sure this is all fixed already in NSS 3.10. 
I overhauled all the DER-decode-and-print code for NSS 3.10 long ago.
Unfortunately, there are no publicly available NSS 3.10 alpha builds yet.

I'm not sure how to resolve this bug.  worksforme?

Ward, if you attach the DER cert to this bug (as an attachment, not as in
inline comment), I can show you what it looks like when NSS 3.10 prints it.
After we confirm NSS 3.10 can print those
certs without crashing, we can resolve this
bug with target milestone 3.10.  The resolution
can be WORKSFORME or FIXED.  (Ideally we should
mark it as a duplicate of the bug report that
has the fix for these crashes, but it's not
necessary to do that.)
Sorry for the delay in getting this to you, been a rather busy day.
Here's the output of pp for this cert.
I also imported the cert into a DB and then listed it with certutil.  
Certutil output is identical to the pp output, as expected.
Dup'ed against the bug report where this was originally fixed in 3.10
exactly one year ago today!

*** This bug has been marked as a duplicate of 132942 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: