pk12util crash in SEC_PKCS12DecoderValidateBags

RESOLVED FIXED in 3.11.1

Status

NSS
Libraries
P1
major
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: Jason Reid, Assigned: Alexei Volkov)

Tracking

3.11
3.11.1
x86
Linux

Details

Attachments

(1 attachment)

2.09 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
(Reporter)

Description

12 years ago
This may be related to bugzilla CR 321584. 

Build: /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8

nssamdrhel3	Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ	1408 / 1412 Passed

Importing Alice's email cert & key (pk12util -i)  			Failed Core
tools.sh: Importing Alice's email cert & key -----------------
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.17433
./all.sh: line 244: 30612 Segmentation fault      (core dumped) pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
<TR><TD>Importing Alice's email cert & key (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30612
GNU gdb Red Hat Linux (6.1post-1.20040607.17rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.1'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()


Importing Alice's email EC cert & key (pk12util -i) 			Failed Core
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.pw.17433
./all.sh: line 244: 30652 Segmentation fault      (core dumped) pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
<TR><TD>Importing Alice's email EC cert & key (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30652
GNU gdb Red Hat Linux (6.1post-1.20040607.17rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw.17433 -w ../tests.p'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()


Import the certificate and key from the PKCS#12 file (pk12util -i) 	Failed Core
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw.17433 -k ../tests.fipspw.17433
./all.sh: line 217: 30904 Segmentation fault      (core dumped) pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
<TR><TD>Import the certificate and key from the PKCS#12 file (pk12util -i). Core file is detected.

gdb ../../../../dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/bin/pk12util core.30904
GNU gdb Red Hat Linux (6.1post-1.20040607.17rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw.17433 -k ../tests.fips'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
(gdb) backtrace
#0  0x0000002a957b6b9f in SEC_PKCS12DecoderValidateBags ()
   from /share/builds/mccrel3/security/securitytip/builds/20060418.1/wozzeck_Solaris8/mozilla/dist/Linux2.4_x86_64_glibc_PTH_64_OPT.OBJ/lib/libsmime3.so
#1  0x00000000004050b7 in P12U_ImportPKCS12Object ()
#2  0x0000000000405c3c in main ()

Alexei, this occurs on nssamdrhel3 in optimized 64-bit builds.
Please see if it can be reproduced with debug builds.
If so, please debug it.
Also, please see if any recent checkins to cmd/pk12util or lib/pkcs12
might be the cause.
Assignee: nobody → alexei.volkov.bugs
Severity: normal → major
Priority: -- → P1
Target Milestone: --- → 3.11.1
Version: 3.11.1 → 3.11
(Assignee)

Comment 2

12 years ago
Created attachment 219830 [details] [diff] [review]
mem allocation fix

Two fixes are in the patch:
 * mem allocation problem for p12dcx->safeContentsList
 * return SECFailure when safeBags list is NULL

Both of them are fixes for the crash reported in the bug. The first one looks like
it actually fixes the root cause.
Attachment #219830 - Flags: review?(nelson)
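
The two kinds of guard Comment 2 names, sketched as an added example that is not the attached patch or NSS code (the patch itself is not shown on this page): a NULL-terminated pointer list grown with room for its terminator, and a validator that fails instead of walking a list that was never built. All names (`toy_ctx`, `toy_append_bag`, `toy_validate_bags`, `TOY_FAILURE`) are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for a decoder context; these are not NSS types. */
typedef struct { int type; } toy_bag;
typedef struct {
    toy_bag **bags;   /* NULL-terminated; stays NULL until the first append */
    size_t    count;  /* entries stored, not counting the terminator */
} toy_ctx;

enum { TOY_SUCCESS = 0, TOY_FAILURE = -1 };

/* Append one bag, always sizing the array for count + new entry + terminator. */
int toy_append_bag(toy_ctx *cx, toy_bag *bag)
{
    size_t slots = cx->count + 2;
    toy_bag **grown;

    /* Reject a NULL entry (it would look like the terminator) and size overflow. */
    if (bag == NULL || slots > (size_t)-1 / sizeof *grown)
        return TOY_FAILURE;
    grown = realloc(cx->bags, slots * sizeof *grown); /* pointers, not bytes */
    if (grown == NULL)
        return TOY_FAILURE;      /* the old list is untouched and still owned by cx */
    grown[cx->count++] = bag;
    grown[cx->count] = NULL;     /* keep the terminator in place after every append */
    cx->bags = grown;
    return TOY_SUCCESS;
}

/* Validation walks the list, so it must refuse a context whose list is NULL. */
int toy_validate_bags(const toy_ctx *cx)
{
    size_t i;

    if (cx == NULL || cx->bags == NULL)
        return TOY_FAILURE;      /* fail closed instead of dereferencing NULL */
    for (i = 0; cx->bags[i] != NULL; i++) {
        if (cx->bags[i]->type <= 0)
            return TOY_FAILURE;
    }
    /* A terminator that does not line up with count means the list is corrupt. */
    return i == cx->count ? TOY_SUCCESS : TOY_FAILURE;
}

void toy_free(toy_ctx *cx) { free(cx->bags); cx->bags = NULL; cx->count = 0; }

int main(void)
{
    toy_ctx cx = {0};            /* constructed input: a context with no bags yet */
    return toy_validate_bags(&cx) == TOY_FAILURE ? 0 : 1;
}
```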
Comment on attachment 219830 [details] [diff] [review]
mem allocation fix

r=nelson
Attachment #219830 - Flags: review?(nelson) → review+
(Assignee)

Comment 4

12 years ago
tip:
/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.31; previous revision: 1.32

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.29.2.1; previous revision: 1.29

(Assignee)

Comment 5

12 years ago
(In reply to comment #4)
> tip:
> /cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
> new revision: 1.31; previous revision: 1.32
Mistyped the message from cvs. The correct one is:

/cvsroot/mozilla/security/nss/lib/pkcs12/p12d.c,v  <--  p12d.c
new revision: 1.32; previous revision: 1.31
(Assignee)

Updated

12 years ago
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED