Closed Bug 491918 Opened 16 years ago Closed 14 years ago

Infinite recursion when encoding a NSS enveloped/digested data

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.12.3
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: rrelyea)

References

Details

Attachments

(4 files, 1 obsolete file)

Reproducer, see comment 0
6.71 KB, text/plain
Details
Patch supplied by nalin (not yet poperly formated.
7.44 KB, patch
Details | Diff | Splinter Review
test case (when invoked with -e -D -d dbdir -n recipient_nickname)
7.84 KB, text/plain
Details
Nalin's latest patch for this issue
7.75 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Forwarded from https://bugzilla.redhat.com/show_bug.cgi?id=499444 Attempting to encode a CMS message that contains enveloped (digested (data)) causes infinite recursion and stack overflow. To reproduce, compile the attached file with gcc $(pkg-config --cflags --libs nss glib-2.0) repro.c and run ./a.out a/path/to/a/certificate.pem > x This will correctly create an enveloped message. If you redefine DIGESTED in the file to "1" and recompile, ./a.out a/path/to/a/certificate.pem > x will crash with a stack overflow. AFAICS this is going on: * When secasn1e.c finishes encoding the contentType field of NSSCMSEncryptedContentInfoTemplate, sec_asn1e_next_in_sequence() gets called. * ...next_in_sequence does the "after" field notification before changing any ASN1 state. * The "after" notification ends up in nss_cms_before_data(), which creates a completely new encoding context for the "child" digested_data, and starts encoding it. * Encoding the "header" of digested_data (algorithm ID, nested raw data OID) requires more than 16 bytes, so nss_cms_encoder_work_data() will get the encrypted data and call SEC_ASN1EncoderUpdate() with it in the enveloped_data context. * As noted above, the ASN1 context was not changed before calling the "after" field notification of contentType, so SEC_ASN1EncoderUpdate() again thinks the "contentType" field was just finished encoding, calls the "after" notification again, and the whole process (recursively) repeats. See also bug 491914, a different bug related to the calling SEC_ASN1EncoderUpdate() from within a notifier called sec_asn1e_next_in_sequence ().
Kai, I can't tell if the analysis above is yours or the unnamed original reporter's analysis. The shortest advice I can give is to study the NSS test program cmsutil to see how it does this stuff. It does this correctly, and does not experience infinite loops. If the bug reporter's program is trying to do something that cmsutil does not attempt, please advise what that is. I wonder if the writer of the analysis is aware that, when encoding encrypted (that is, enveloped) data, there are TWO completely separate instances of the ASN.1 encoder running simultaneously; one encoding the input to the encryptor and one encoding the output of the encryptor. If one is not aware of this, it is easy to get confused about which of the two encoders is being watched, and form incorrect conclusions about how it is working.
I'm the original reporter, and it is my analysis. cmsutil does not implement digested data at all, so it also doesn't implement the nesting of "digested data" inside an "enveloped" wrapper. Thunderbird does not implement digested data either. I know there are two encoders; the problem is that during a notification from the "outer" encoder, the "inner" encoder is started and the output of the "inner" encoder" is fed back into the "outer" encoder while still in the process of notification, when the "outer" encoder is not expecting this.
Unreviewed, unformated patch for this issue.
(In reply to comment #3) > Created attachment 502956 [details] [diff] [review] > Patch supplied by nalin (not yet poperly formated. > > Unreviewed, unformated patch for this issue. Yeah, there are some things it still doesn't get right (the case where the message contains just data, I think), but emitting child data at the right point is the important part.
The test program I'm using for building and parsing messages.
Attached patch proposed patch (obsolete) — Splinter Review
Fixes encoding of one CMS structure inside of another, and the decoder losing pointers to nested CMS structures.
Depends on: 584224
Assignee: nobody → rrelyea
Attachment #503265 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #508610 - Flags: review?(rrelyea)
Comment on attachment 508610 [details] [diff] [review] Nalin's latest patch for this issue r+ rrelyea
Attachment #508610 - Flags: review?(rrelyea) → review+
Trunk; Checking in cmsencode.c; /cvsroot/mozilla/security/nss/lib/smime/cmsencode.c,v <-- cmsencode.c new revision: 1.10; previous revision: 1.9 done Branch: cvs commit: Examining . Checking in cmsencode.c; /cvsroot/mozilla/security/nss/lib/smime/cmsencode.c,v <-- cmsencode.c new revision: 1.6.66.4; previous revision: 1.6.66.3 done
Depends on: 632439
Depends on: 640992
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: