vfychain -pp crashes

RESOLVED FIXED in 3.12.1

Status

NSS
Tools
P1
blocker
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIXTEST)

Attachments

(2 attachments, 1 obsolete attachment)

Created attachment 317178 [details]
zip file of DER cert files to reproduce this bug

I have a chain of test certs. 3 certs (EE, intermediate, root CA) in 3 files.
If I use the command 
 vfychain -d empty -pvv BridgeUser1cert.der NavyBridgecert.der -t ArmyRoot.der
to validate the chain, it crashes.  

The cause is the same as the cause of bug 428038, namely a crash in 
cert_pkixDestroyValOutParam when the ValOutParams block has not been 
initialized to zeros.  We do want to fix that in the library, but the 
patch is not ready.  In the meantime, I have a fix for vfychain.c that
I will attach.  It simply initializes the valOutParams.
(Assignee)

Updated

9 years ago
Priority: -- → P1
Whiteboard: PKIXTEST
Target Milestone: --- → 3.12.1
Created attachment 317179 [details]
patch v1

This patch initializes the structures we pass to CERT_PKIXVerifyCert.
Attachment #317179 - Flags: review?(alexei.volkov.bugs)
In the above cited command, "empty" is the name of a directory containing
an empty cert DB, the result of 
   certutil -d empty -N
Created attachment 317185 [details] [diff] [review]
patch v2

Sorry, that was the wrong patch file.
Attachment #317179 - Attachment is obsolete: true
Attachment #317185 - Flags: review?(alexei.volkov.bugs)
Attachment #317179 - Flags: review?(alexei.volkov.bugs)

Updated

9 years ago
Attachment #317185 - Flags: review?(alexei.volkov.bugs) → review+
cmd/vfychain/vfychain.c; new revision: 1.23; previous revision: 1.22
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
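
The failure mode discussed in this bug, as an added example that is not part of the bug report or of the NSS source: a simplified C model of an output-parameter block whose cleanup routine releases every non-NULL slot, showing why the caller must zero the block before use. All type and function names are hypothetical stand-ins, and the cleanup behaviour is an assumption based on the description above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model: hypothetical stand-ins, not the NSS types or functions. */
typedef enum { PO_END = 0, PO_TRUST_ANCHOR, PO_CERT_LIST } po_type;
typedef struct { po_type type; void *ptr; } out_param;

/* The caller fills in only the type of each requested output. */
static void set_types(out_param out[3]) {
    out[0].type = PO_TRUST_ANCHOR; out[1].type = PO_CERT_LIST; out[2].type = PO_END;
}

/* Number of slots a cleanup pass would treat as live objects. */
static int live_slots(const out_param *p) {
    int n = 0;
    for (; p->type != PO_END; p++)
        if (p->ptr != NULL) n++;
    return n;
}

/* Assumed cleanup behaviour: release every non-NULL slot, return the count. */
static int destroy_out_params(out_param *p) {
    int released = 0;
    for (; p->type != PO_END; p++)
        if (p->ptr != NULL) { free(p->ptr); p->ptr = NULL; released++; }
    return released;
}

/* Before the fix: 0xA5 is constructed stack garbage; counted only, never freed. */
int unfixed_bogus_pointers(void) {
    out_param out[3];
    memset(out, 0xA5, sizeof out);
    set_types(out);
    return live_slots(out);
}

/* After the fix: zero first. ok=0: verify failed early; ok=1: two outputs set. */
int fixed_released(int ok) {
    out_param out[3];
    memset(out, 0, sizeof out);
    set_types(out);
    if (ok) { out[0].ptr = malloc(8); out[1].ptr = malloc(8); }
    return destroy_out_params(out);
}

int main(void) {
    printf("%d %d %d\n", unfixed_bogus_pointers(), fixed_released(0), fixed_released(1));
    return 0;
}
```

The unfixed case only counts the stale pointers rather than freeing them, since passing them to free() is the crash itself.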