Bug 430399 - vfychain -pp crashes
Status: RESOLVED FIXED
PKIXTEST
Product: NSS
Classification: Components
Component: Tools
: trunk
: All All
: P1 blocker
: 3.12.1
Assigned To: Nelson Bolyard (seldom reads bugmail)
Reported: 2008-04-22 20:41 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2008-04-26 19:03 PDT


Attachments
zip file of DER cert files to reproduce this bug (2.73 KB, application/x-zip-compressed)
2008-04-22 20:41 PDT, Nelson Bolyard (seldom reads bugmail)
no flags
patch v1 (1.08 KB, text/plain)
2008-04-22 20:44 PDT, Nelson Bolyard (seldom reads bugmail)
no flags
patch v2 (1.08 KB, patch)
2008-04-22 21:10 PDT, Nelson Bolyard (seldom reads bugmail)
alvolkov.bgs: review+

Description Nelson Bolyard (seldom reads bugmail) 2008-04-22 20:41:57 PDT
Created attachment 317178
zip file of DER cert files to reproduce this bug

I have a chain of test certs. 3 certs (EE, intermediate, root CA) in 3 files.
If I use the command 
 vfychain -d empty -pvv BridgeUser1cert.der NavyBridgecert.der -t ArmyRoot.der
to validate the chain, it crashes.  

The cause is the same as the cause of bug 428038, namely a crash in 
cert_pkixDestroyValOutParam when the ValOutParams block has not been 
initialized to zeros.  We do want to fix that in the library, but the 
patch is not ready.  In the meantime, I have a fix for vfychain.c that
I will attach.  It simply initializes the valOutParams.
Comment 1 Nelson Bolyard (seldom reads bugmail) 2008-04-22 20:44:25 PDT
Created attachment 317179
patch v1

This patch initializes the structures we pass to CERT_PKIXVerifyCert.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2008-04-22 20:49:09 PDT
In the above cited command, "empty" is the name of a directory containing
an empty cert DB, the result of 
   certutil -d empty -N
Comment 3 Nelson Bolyard (seldom reads bugmail) 2008-04-22 21:10:03 PDT
Created attachment 317185
patch v2

Sorry, that was the wrong patch file.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2008-04-26 19:03:11 PDT
cmd/vfychain/vfychain.c; new revision: 1.23; previous revision: 1.22
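
The failure mode in the Description (a cleanup routine run over an output-parameter block that was never zeroed) and the fix of initializing the block before the call, shown as an added C example that is not NSS or vfychain code. The types, function names and the `stale` pointer are hypothetical stand-ins constructed for illustration; the unfixed case only counts what cleanup would free rather than freeing it.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for an output-parameter array; not the NSS types. */
typedef enum { po_end = 0, po_trust_anchor, po_cert_list } out_type;
typedef struct { out_type type; void *value; } out_param;
static char stale; /* constructed: models leftover stack contents in a slot */

/* Model verifier: an early failure returns before any slot is written. */
static int verify(out_param *out, int fail_early) {
    if (fail_early) return -1;
    for (; out->type != po_end; out++)
        if (out->type == po_trust_anchor) out->value = malloc(16);
    return 0;
}

/* Number of slots a cleanup routine would hand to free(). */
static int pending_frees(const out_param *out) {
    int n = 0;
    for (; out->type != po_end; out++)
        if (out->value != NULL) n++;
    return n;
}

/* Cleanup that trusts every non-NULL value, so it needs a zeroed block. */
static int destroy(out_param *out) {
    int n = 0;
    for (; out->type != po_end; out++)
        if (out->value != NULL) { free(out->value); out->value = NULL; n++; }
    return n;
}

/* Fixed caller: zero the whole block, then fill in the requested types. */
static int run_initialized(int fail_early) {
    out_param out[3];
    memset(out, 0, sizeof out);           /* out[2].type is po_end as well */
    out[0].type = po_trust_anchor;
    out[1].type = po_cert_list;
    verify(out, fail_early);
    return destroy(out);
}

/* Unfixed caller, modelled safely: only counts what cleanup would free. */
static int run_uninitialized_model(void) {
    out_param out[3] = { {po_trust_anchor, &stale}, {po_cert_list, &stale}, {po_end, NULL} };
    verify(out, 1);
    return pending_frees(out);
}

int main(void) { return run_initialized(1) != 0 || run_uninitialized_model() != 2; }
```

With the block zeroed, an early verification failure leaves nothing for cleanup to free; with stale slot contents, cleanup would pass two pointers it never allocated to `free()`.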
