Closed Bug 430399 Opened 14 years ago Closed 14 years ago

vfychain -pp crashes

Categories

(NSS :: Tools, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.1

People

(Reporter: nelson, Assigned: nelson)

Details

(Whiteboard: PKIXTEST)

Attachments

(2 files, 1 obsolete file)

I have a chain of test certs. 3 certs (EE, intermediate, root CA) in 3 files.
If I use the command 
 vfychain -d empty -pvv BridgeUser1cert.der NavyBridgecert.der -t ArmyRoot.der
to validate the chain, it crashes.  

The cause is the same as the cause of bug 428038, namely a crash in 
cert_pkixDestroyValOutParam when the ValOutParams block has not been 
initialized to zeros.  We do want to fix that in the library, but the 
patch is not ready.  In the mean time, I have a fix for vfychain.c that
I will attach.  It simply initializes the valOutParams.
Priority: -- → P1
Whiteboard: PKIXTEST
Target Milestone: --- → 3.12.1
Attached file patch v1 (obsolete) —
This patch initializes the structures we pass to CERT_PKIXVerifyCert.
Attachment #317179 - Flags: review?(alexei.volkov.bugs)
In the above cited command, "empty" is the name of a directory containing
an empty cert DB, the result of 
   certutil -d empty -N
Attached patch patch v2Splinter Review
Sorry, that was the wrong patch file.
Attachment #317179 - Attachment is obsolete: true
Attachment #317185 - Flags: review?(alexei.volkov.bugs)
Attachment #317179 - Flags: review?(alexei.volkov.bugs)
Attachment #317185 - Flags: review?(alexei.volkov.bugs) → review+
cmd/vfychain/vfychain.c; new revision: 1.23; previous revision: 1.22
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.