Closed Bug 291542 Opened 16 years ago Closed 16 years ago

regression crash in certutil when request has no attributes


(NSS :: Tools, defect, P1)



(Not tracked)



(Reporter: nelson, Assigned: nelson)




(2 files)

A cert request that is encoded with an empty set of attributes will cause
certutil -C to crash.  I will attach a cert request that causes this.

This is a regression in 3.10.  Prior to 3.10, certutil completely ignored
the cert attributes in a request.  Now it honors them, but doesn't like 
an empty set.

The command 
  certutil -C -c local_ca -v 240 -i certreq -o agent.cert -d localca
where local_ca is the nickname of a cacert for which we have the priv key
will crash.  

Patch forthcoming.

Julien and I think that we should respin 3.10 RTM for this.
(Please send any objections to that plan to the mozilla-nssdev-ext list!)

We may also want to take fixes for a couple other bugs at this time.
Those were bugs that were not bad enough to warrant a respin on their
own, but are bad enough to warrant including the fix if we're going to 
respin for other reasons.
marking P1 for 3.10
Priority: -- → P1
Target Milestone: --- → 3.10
Attached file sample certreq
certreq that triggers the crash
Attached patch patch v1Splinter Review
Julien, please review
Attachment #181590 - Flags: review?(julien.pierre.bugs)
Attachment #181590 - Flags: review?(julien.pierre.bugs) → review+
*** Bug 291545 has been marked as a duplicate of this bug. ***
Seems to do the trick. I ran the test suite with this patch and all is green.

As an aside (marked as a dup
of this) also noted that this version of certutil creates CSRs with an extension
request sequence even when there are none specified. I'll look into this and
open another bug if it seems to be a real bug.
Checking in certutil.c;  new revision: 1.94; previous revision: 1.93
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.