pk12util: problem using -w option(segmentation fault)

RESOLVED FIXED in 3.11

Status

P1
normal
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: alvolkov.bgs, Assigned: neil.williams)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
if -w <file> is used, pk12util is still asking for password. If password is given in return to the request and file does not exist, then pk12util SEGVs.

pk12util -d /export/SC/ws/nss-3.10-intr-opr/mozilla/tests_results/security/goa1.41/server_iopr_goa1.sca.SFBay.Sun.COM -i /export/SC/ws/nss-3.10-intr-opr/mozilla/tests_results/security/goa1.41/server_iopr_goa1.sca.SFBay.Sun.COM/goa1.sca.SFBay.Sun.COM.p12 -w ../pwd 
Enter Password or Pin for "NSS Certificate DB":
No password file "../pwd" exists.
Segmentation fault (core dumped)
(Reporter)

Comment 1

13 years ago
It is correct that pk12util is asking for NSS DB password when -w option is used.
The problem is mentioned SEGV.

Comment 2

13 years ago
Could you get a stack trace from the core file?
(Reporter)

Comment 3

13 years ago
Stack trace(linux):

#0  0x4207c1a5 in memcpy () from /lib/tls/libc.so.6
#1  0x0804b9d9 in P12U_GetP12FilePassword (confirmPw=0x80601c0, 
    p12FilePw=0x808a230) at pk12util.c:305
#2  0x0804bc56 in P12U_ImportPKCS12Object (
    in_file=0x80601c0 "/export/SC/ws/nss-3.10-intr-opr/mozilla/tests_results/security/goa1.4/server_iopr_goa1.sca.SFBay.Sun.COM/goa1.sca.SFBay.Sun.COM.p12", 
    slot=0x808a230, slotPw=0xbfffe398, p12FilePw=0xbfffe390) at pk12util.c:384
#3  0x0804ce66 in main (argc=0x7, argv=0xbfffe3f4) at pk12util.c:983
#4  0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
Reassigning to Neil.  P1 for 3.11.  
Absent null pointer check in P12U_GetP12FilePassword
Assignee: wtchang → neil.williams
Priority: -- → P1
Target Milestone: --- → 3.11
(Assignee)

Comment 5

13 years ago
Created attachment 202606 [details] [diff] [review]
patch to check for nonexistent pw file and abort when it occurs.

The read password file routine already prints an error message and returns a null string when the file cannot be found. This patch aborts the operation in the caller (for any of the PK12 operations).
Attachment #202606 - Flags: review?(nelson)
Comment on attachment 202606 [details] [diff] [review]
patch to check for nonexistent pw file and abort when it occurs.

This patch does fix the crash.  It doesn't set the NSPR error code, but I see that the program pays no attention to that error code anyway.  There needs to be a separate bug filed about the lack of error handling in pk12util.
Attachment #202606 - Flags: review?(nelson) → review+

Comment 7

13 years ago
The bug about pk12util error reporting is bug 77290 .

Comment 8

13 years ago
Make that bug 72290, even.
(Assignee)

Comment 9

13 years ago
Checking in pk12util.c;
/cvsroot/mozilla/security/nss/cmd/pk12util/pk12util.c,v  <--  pk12util.c
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.