Bug 334522 - pk12util crash in SEC_PKCS12DecoderValidateBags
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: 3.11
Platform: x86 Linux
Importance: P1 major
Target Milestone: 3.11.1
Assigned To: Alexei Volkov
Reported: 2006-04-18 12:38 PDT by Jason Reid
Modified: 2006-04-26 14:52 PDT

Attachments
mem allocation fix (2.09 KB, patch)
2006-04-25 20:14 PDT, Alexei Volkov
nelson: review+

Description Jason Reid 2006-04-18 12:38:07 PDT
This may be related to bugzilla CR 321584. 

Build: /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8

nssamdrhel3	Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ	1408 / 1412 Passed

Importing Alice's email cert & key (pk12util -i)  			Failed Core
tools.sh: Importing Alice's email cert & key -----------------
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.17433
./all.sh: line 244: 30612 Segmentation fault      (core dumped) pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
<TR><TD>Importing Alice's email cert & key (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30612
GNU gdb Red Hat Linux (6.1post-1.20040607.17rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.1'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()


Importing Alice's email EC cert & key (pk12util -i) 			Failed Core
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.17433
./all.sh: line 244: 30652 Segmentation fault      (core dumped) pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
<TR><TD>Importing Alice's email EC cert & key (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30652

Core was generated by `pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.p'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()


Import the certificate and key from the PKCS#12 file (pk12util -i) 	Failed Core
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw.17433 -k ../tests.fipspw.17433
./all.sh: line 217: 30904 Segmentation fault      (core dumped) pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
<TR><TD>Import the certificate and key from the PKCS#12 file (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30904

Core was generated by `pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw.17433 -k ../tests.fips'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()
Comment 1 Nelson Bolyard (seldom reads bugmail) 2006-04-18 16:53:39 PDT
Alexei, This occurs on nssamdrhel3 in optimized 64-bit builds.
Please see if it can be reproduced with debug builds.
If so, please debug it.
Also, please see if any recent checkins to cmd/pk12util or lib/pkcs12
might be the cause.
Comment 2 Alexei Volkov 2006-04-25 20:14:16 PDT
Created attachment 219830
mem allocation fix

Two fixes are in the patch:
 * mem allocation problem for p12dcx->safeContentsList
 * return SECFailure when safeBags list is NULL

Both of them are fixes for the crash reported in the bug. The first one looks like
it actually fixes the root cause.
Comment 3 Nelson Bolyard (seldom reads bugmail) 2006-04-25 22:15:49 PDT
Comment on attachment 219830
mem allocation fix

r=nelson
Comment 4 Alexei Volkov 2006-04-26 00:05:11 PDT
tip:
/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.31; previous revision: 1.32

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.29.2.1; previous revision: 1.29

Comment 5 Alexei Volkov 2006-04-26 00:08:27 PDT
(In reply to comment #4)
> tip:
> /cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
> new revision: 1.31; previous revision: 1.32
Mistyped the message from cvs. The correct one is:

/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.32; previous revision: 1.31
