Closed Bug 620908 Opened 14 years ago Closed 14 years ago

certutil -T -d "sql:." dumps core

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.12.8
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.9

People

(Reporter: u238590, Assigned: u238590)

Details

(Keywords: crash)

Attachments

(1 file, 2 obsolete files)

Patch v3, by Meena Vyas
3.83 KB, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.2.12) Gecko/20101027 Firefox/3.6.12
Build Identifier: 3.12.8

certutil dumps core.

Reproducible: Always

Steps to Reproduce:
1.$/share/builds/components/security/SECURITY_3.12.8_20100916/SunOS5.10_DBG.OBJ/bin/certutil -N -d "sql:."
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
(do not enter any password)

2. $ls
cert9.db    key4.db     pkcs11.txt

3. $/share/builds/components/security/SECURITY_3.12.8_20100916/SunOS5.10_DBG.OBJ/bin/certutil -T -d "sql:."
Illegal Instruction (core dumped)
Actual Results:  
core dump

$mdb core
::stack
0xa4428(a0390, 2, 1, 1, ff002a00, 0)
libsoftokn3.so`sftkdb_ResetKeyDB+0x30(a0390, 0, 24058, 0, ff3f42f0, 0)
libsoftokn3.so`NSC_InitToken+0x2d0(2, 55f10, 0, ffbfecec, ff0000, 80808080)
libnss3.so`PK11_ResetToken+0x110(a0f08, 55f10, ff23e1a8, ff23e1ac, ff23e1b0, 0)
certutil_main+0x26b8(4, ffbfef44, 1, 4, ff002a00, fedb645c)
main+0x1c(4, ffbfef44, ffbfef58, 53c00, ff000100, 0)
_start+0x108(0, 0, 0, 0, 0, 0)

Expected Results:  
certutil should work.
The root cause of the problem is sdb_Reset was not set in the code :

$dbx certutil
...
(dbx) stop in sftkdb_ResetDB
(dbx) run -T -d "sql:."
Running: certutil -T -d sql:.
(process id 26063)
...
t@1 (l@1) signal ILL (illegal opcode) in (unknown) at 0xa4410
0x000a4410:     illtrap  0xa5660
Current function is sftkdb_ResetDB
 1527       crv = (*db->sdb_Reset)(db);
(dbx) p db
db = 0x9fed8
(dbx) p *db
*db = {
    private               = 0x900c0
    version               = 216
    sdb_type              = SDB_SQL
    sdb_flags             = 12
    app_private           = 0xa0378
    sdb_FindObjectsInit   = 0xfeb64400 = &sdb_FindObjectsInit()
    sdb_FindObjects       = 0xfeb64840 = &sdb_FindObjects()
    sdb_FindObjectsFinal  = 0xfeb649a8 = &sdb_FindObjectsFinal()
    sdb_GetAttributeValue = 0xfeb64f78 = &sdb_GetAttributeValue()
    sdb_SetAttributeValue = 0xfeb64ff8 = &sdb_SetAttributeValue()
    sdb_CreateObject      = 0xfeb656f8 = &sdb_CreateObject()
    sdb_DestroyObject     = 0xfeb65c80 = &sdb_DestroyObject()
    sdb_GetMetaData       = 0xfeb664a8 = &sdb_GetMetaData()
    sdb_PutMetaData       = 0xfeb66858 = &sdb_PutMetaData()
    sdb_Begin             = 0xfeb65ed0 = &sdb_Begin()
    sdb_Commit            = 0xfeb663c8 = &sdb_Commit()
    sdb_Abort             = 0xfeb66438 = &sdb_Abort()
    sdb_Reset             = 0xa4410
    sdb_Close             = 0xfeb66d68 = &sdb_Close()
    sdb_SetForkState      = 0xfeb66f20 = &sdb_SetForkState()
}
(dbx) l 1514
 1514   static CK_RV
 1515   sftkdb_ResetDB(SFTKDBHandle *handle)
 1516   {
 1517       CK_RV crv = CKR_OK;
 1518       SDB *db;
 1519       if (handle == NULL) {
 1520           return CKR_TOKEN_WRITE_PROTECTED;
 1521       }
 1522       db = SFTK_GET_SDB(handle);
 1523       crv = (*db->sdb_Begin)(db);
 1524       if (crv != CKR_OK) {
 1525           goto loser;
 1526       }
 1527       crv = (*db->sdb_Reset)(db);

file mozilla/security/nss/lib/softoken/sftkdb.c

Note sdb_reset points to a vague location and is not a proper function pointer.


Looking at the code sdb_Reset was not set :

1896     sdb = (SDB *) malloc(sizeof(SDB));
1897     sdb_p = (SDBPrivate *) malloc(sizeof(SDBPrivate));
1898
1899     /* invariant fields */
1900     sdb_p->sqlDBName = PORT_Strdup(dbname);
1901     sdb_p->type = type;
1902     sdb_p->table = table;
1903     sdb_p->cacheTable = cacheTable;
1904     sdb_p->lastUpdateTime = now;
1905     /* set the cache delay time. This is how long we will wait be     fore we
1906      * decide the existing cache is stale. Currently set to 10 se     c */
1907     sdb_p->updateInterval = PR_SecondsToInterval(10);
1908     sdb_p->dbMon = PR_NewMonitor();
1909     /* these fields are protected by the lock */
1910     sdb_p->sqlXactDB = NULL;
1911     sdb_p->sqlXactThread = NULL;
1912     sdb->private = sdb_p;
1913     sdb->sdb_type = SDB_SQL;
1914     sdb->sdb_flags = flags | SDB_HAS_META;
1915     sdb->sdb_FindObjectsInit = sdb_FindObjectsInit;
1916     sdb->sdb_FindObjects = sdb_FindObjects;
1917     sdb->sdb_FindObjectsFinal = sdb_FindObjectsFinal;
1918     sdb->sdb_GetAttributeValue = sdb_GetAttributeValue;
1919     sdb->sdb_SetAttributeValue = sdb_SetAttributeValue;
1920     sdb->sdb_CreateObject = sdb_CreateObject;
1921     sdb->sdb_DestroyObject = sdb_DestroyObject;
1922     sdb->sdb_GetMetaData = sdb_GetMetaData;
1923     sdb->sdb_PutMetaData = sdb_PutMetaData;
1924     sdb->sdb_Begin = sdb_Begin;
1925     sdb->sdb_Commit = sdb_Commit;
1926     sdb->sdb_Abort = sdb_Abort;
1927     sdb->sdb_Close = sdb_Close;
1928     sdb->sdb_SetForkState = sdb_SetForkState;
1929
1930     if (inTransaction) {
1931     sqlerr = sqlite3_exec(sqlDB, COMMIT_CMD, NULL, 0, NULL);
1932     if (sqlerr != SQLITE_OK) {
1933         error = sdb_mapSQLError(sdb_p->type, sqlerr);
1934         goto loser;
1935     }
1936     inTransaction = 0;
1937     }

file "security/nss/lib/softoken/sdb.c"
Summary: certutil dumps core → certutil -T "sql:" dumps core
Version: unspecified → 3.12.8
confirmed on Windows NT.
Assignee: nobody → meena.vyas
Status: UNCONFIRMED → NEW
Component: Tools → Libraries
Ever confirmed: true
Keywords: crash
OS: Solaris → All
Priority: -- → P1
QA Contact: tools → libraries
Hardware: Sun → All
Summary: certutil -T "sql:" dumps core → certutil -T -d "sql:." dumps core
Meena, 
Thanks for finding this!  Please submit a patch to fix it and request review 
from me or rrelyea.  I suggest you add your name and email address to the 
file's list of contributors in that patch.  Fame and glory await!  :-)
Adding the missing function pointer for reset function in file mozilla/security/nss/lib/softtoken/sdb.c

This patch was generated as shown below : 

$export CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
$cvs co -r NSPR_4_8_6_RTM NSPR
$cvs co -r NSS_3_12_8_RTM NSS
$cd mozilla/
$gpatch -p 0 < patch.txt
$cd security/nss
$gmake nss_build_all

I have tested "certutil -T" manually. 

$cd mozilla/security/nss/tests/
$HOST=<myhostname> DOMSUF=india.sun.com ./all.sh

SUMMARY:
========
NSS variables:
--------------
HOST=<myhostname>
DOMSUF=india.sun.com
BUILD_OPT=
USE_64=
NSS_CYCLES=""
NSS_TESTS=""
NSS_SSL_TESTS="crl bypass_normal normal_bypass fips_normal normal_fips iopr"
NSS_SSL_RUN="cov auth stress"
NSS_AIA_PATH=
NSS_AIA_HTTP=
NSS_AIA_OCSP=
IOPR_HOSTADDR_LIST=
PKITS_DATA=

Tests summary:
--------------
Passed:             3695
Failed:             7
Failed with core:   0
Unknown status:     0

three failures are : 
36544 TIMESTAMP ssl BEGIN: Thu Dec 23 14:51:15 IST 2010
36545 ssl.sh: SSL tests ===============================
36546 ssl.sh: CRL SSL Client Tests   ===============================
36547 ssl.sh: TLS Request don't require client auth (client does not provide auth) --      --
36548 selfserv starting at Thu Dec 23 14:51:20 IST 2010
36549 selfserv -D -p 8443 -d ../server -n <myhostname>.india.sun.com  \
36550           -w nss -r -i ../tests_pid.17571  &
36551 selfserv: PR_Bind returned error -5982:
36552 Local Network address is in use.
36553 trying to connect to selfserv at Thu Dec 23 14:51:20 IST 2010
36554 tstclnt -p 8443 -h <myhostname>.india.sun.com  -q \
36555         -d ../client -v < /export1/certutil-bug/mozilla/security/nss/tests/ssl/      sslreq.dat
36556 tstclnt: connecting to <myhostname>.india.sun.com:8443 (address=xxx.xxx.xx.xxx)
36557 kill -0 27283 >/dev/null 2>/dev/null
36558 ssl.sh: Exit: 10 Fatal - selfserv process not detectable - FAILED
36559 ssl.sh: #1549: 10 Fatal - selfserv process not detectable - FAILED
36560 ./init.sh: line 178: kill: (27283) - No such process
36561 TIMESTAMP ssl END: Thu Dec 23 14:51:22 IST 2010


46548 chains.sh: Verifying certificate(s)  PayPalEE.cert with flags  -d AllDB    -o O      ID.2.16.840.1.113733.1.7.23.6
46549 vfychain -d AllDB -pp -vv     -o OID.2.16.840.1.113733.1.7.23.6  /export1/certu      til-bug/mozilla/security/nss/tests/libpkix/certs/PayPalEE.cert
46550 Chain is bad, -8181 = Peer's Certificate has expired.
46551 PROBLEM WITH THE CERT CHAIN:
46552 CERT 0. PayPalEE :
46553   ERROR -8181: Peer's Certificate has expired.
46554 Returned value is 1, expected result is pass
46555 chains.sh: #2146: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags        -d AllDB    -o OID.2.16.840.1.113733.1.7.23.6  - FAILED


55534 ssl.sh: CRL SSL Client Tests   ===============================
55535 ssl.sh: TLS Request don't require client auth (client does not provide auth) --      --
55536 selfserv starting at Thu Dec 23 14:59:34 IST 2010
55537 selfserv -D -p 8443 -d ../server -n <myhostname>.india.sun.com  \
55538           -w nss -r -i ../tests_pid.17571  &
55539 selfserv: PR_Bind returned error -5982:
55540 Local Network address is in use.
55541 trying to connect to selfserv at Thu Dec 23 14:59:34 IST 2010
55542 tstclnt -p 8443 -h <myhostname>.india.sun.com  -q \
55543         -d ../client -v < /export1/certutil-bug/mozilla/security/nss/tests/ssl/      sslreq.dat
55544 tstclnt: connecting to <myhostname>.india.sun.com:8443 (address=xxx.xxx.xxxx.xxx)
55545 kill -0 21531 >/dev/null 2>/dev/null
55546 ssl.sh: Exit: 10 Fatal - selfserv process not detectable - FAILED
55547 ssl.sh: #2529: 10 Fatal - selfserv process not detectable - FAILED
55548 ./init.sh: line 178: kill: (21531) - No such process
55549 TIMESTAMP ssl END: Thu Dec 23 14:59:34 IST 2010
Attachment #499488 - Flags: review?(nelson)
Target Milestone: --- → 3.13
Comment on attachment 499488 [details] [diff] [review]
adding the missing function pointer for reset function

r+=nelson for the trunk for the 3.13 release.
It will need a second review (IINM) to be included in a 3.12.x release, 
so I'm requesting that from Bob.
Attachment #499488 - Flags: superreview?(rrelyea)
Attachment #499488 - Flags: review?(nelson)
Attachment #499488 - Flags: review+
Comment on attachment 499488 [details] [diff] [review]
adding the missing function pointer for reset function

r=wtc.

I verified that all the other function pointers are set.  I found
that the 'version' field of struct SDBStr (defined in sdb.h) is
unused.  Please remove it.  I also recommend initializing
sdb->app_private to NULL (in both sdb_init and lg_init) as
defensive programming.

MXR shows that sdb_Reset is unreachable code without this patch.
So sdb_Reset has never been used before.  Bob should take the
opportunity to review sdb_Reset...
Attachment #499488 - Flags: review+
Wan-Teh, Can this now be checked into the 3.12 branch?
(I don't know the present state of the tree for trunk and 3.12 branch with 
respect to openness and what changes to softoken code (such as this) are 
being accepted on the branch, so please advise.)
It's OK to make softoken changes on the 3.12 branch, but
the 3.12 branch may be locked down for the 3.12.9 release.
I don't know what the current status is.

The trunk is open right now.
Attached patch made changes as suggested by WTC (obsolete) — Splinter Review 
Changes include : 
Removed 'version' field of struct SDBStr (defined in sdb.h)  
Initialized sdb->app_private to NULL (in both sdb_init and lg_init) 
Added missing pointer to rest function.
Attachment #499488 - Attachment is obsolete: true
Attachment #499488 - Flags: superreview?(rrelyea)
Comment on attachment 501691 [details] [diff] [review]
made changes as suggested by WTC

I disagree with WTC's request to remove the version field.  
Binary compatibility is an issue if we remove it.
IMO, we should USE it.
Nelson is right.  We need to keep the version field
and should use it.  I simply initialize it to the
dummy value 0 for now.  I also list Meena Vyas as a
contributor in sdb.c, as patch v1 does.

Patch checked in on the NSS trunk (NSS 3.13) and
NSS_3_12_BRANCH (NSS 3.12.9).

Checking in sdb.c;
/cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v  <--  sdb.c
new revision: 1.20; previous revision: 1.19
done
Checking in legacydb/lginit.c;
/cvsroot/mozilla/security/nss/lib/softoken/legacydb/lginit.c,v  <--  lginit.c
new revision: 1.16; previous revision: 1.15
done

Checking in sdb.c;
/cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v  <--  sdb.c
new revision: 1.16.6.2; previous revision: 1.16.6.1
done
Checking in legacydb/lginit.c;
/cvsroot/mozilla/security/nss/lib/softoken/legacydb/lginit.c,v  <--  lginit.c
new revision: 1.14.22.1; previous revision: 1.14
done
Attachment #501691 - Attachment is obsolete: true
Attachment #501691 - Attachment is patch: true
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: 3.13 → 3.12.9
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: