Bug 1490740
Summary: | PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails [rhel-7.4.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
Component: | jss | Assignee: | Fraser Tweedale <ftweedal> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | urgent | Docs Contact: | Petr Bokoc <pbokoc> |
Priority: | urgent | ||
Version: | 7.4 | CC: | aakkiang, cfu, edewata, emaldona, extras-qa, ftweedal, kwright, mharmsen, msauton, nkinder, pbokoc, rmeggins, ssidhaye |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | jss-4.4.0-8.el7_4 | Doc Type: | Bug Fix |
Doc Text: |
Prior to this update, a failure to check that the result of a key wrapping operation was not NULL could in some cases cause PKI to crash due to a segmentation fault. This update adds a check that raises an exception in such cases, and a failed key wrapping operation now results in a Java exception instead of a crash.
|
Story Points: | --- |
Clone Of: | 1460019 | Environment: | |
Last Closed: | 2017-11-30 15:28:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1460019 | ||
Bug Blocks: |
Description
Oneata Mircea Teodor
2017-09-12 07:33:16 UTC
Please provide steps to reproduce / verify. Add doc text.

Sumedh, steps to reproduce are to perform a PKCS #12 recovery of an archived key, on Dogtag installed with Thales nethsm (in wrapping mode, i.e. kra.allowEncDecrypt.{archival,recovery}=false, and with kra.legacyPKCS12=false). The operation is expected to fail, but Dogtag should not crash.

Tests run on Thales HSM installation

root@csqa4-guest01 hsm_setup # rpm -qi pki-tools
Name : pki-tools
Version : 10.4.1
Release : 15.el7_4
Architecture: x86_64
Install Date: Tuesday 26 September 2017 06:31:05 AM EDT
Group : System Environment/Base
Size : 954171
License : GPLv2
Signature : (none)
Source RPM : pki-core-10.4.1-15.el7_4.src.rpm
Build Date : Monday 18 September 2017 08:55:34 PM EDT
Build Host : x86-041.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://pki.fedoraproject.org/
Summary : Certificate System - PKI Tools

root@csqa4-guest01 ~ # tail -n 5 /var/lib/pki/rhcs92-KRA-ssidhaye/kra/conf/CS.cfg
usrgrp._002=##
usrgrp.ldap=internaldb
kra.allowEncDecrypt.archival=false
kra.allowEncDecrypt.recovery=false
kra.legacyPKCS12=false

PKCS #12 recovery of an archived key when the above flags are set results in a Java exception rather than a segmentation fault.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3300
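As an added example (not part of this bug report and not jss or Dogtag code), the following Python check reports whether a KRA's CS.cfg matches the configuration from the reproduction steps while the installed jss is older than the Fixed In Version. The function names are hypothetical, and the check rests on assumptions: only explicitly set flags count as a match, the version comparison is a simplified rpmvercmp, the older version string in the usage comment is constructed, and HSM use cannot be detected from these inputs.

```python
import re

FIXED_JSS = "4.4.0-8.el7_4"  # "Fixed In Version" from this bug, package name removed
TRIGGER_FLAGS = (            # flags named in the reproduction steps
    "kra.allowEncDecrypt.archival",
    "kra.allowEncDecrypt.recovery",
    "kra.legacyPKCS12",
)
# Sample input: the five CS.cfg lines shown in the verification comment.
SAMPLE_CS_CFG = """\
usrgrp._002=##
usrgrp.ldap=internaldb
kra.allowEncDecrypt.archival=false
kra.allowEncDecrypt.recovery=false
kra.legacyPKCS12=false
"""

def parse_cs_cfg(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            cfg[key.strip()] = value.strip()
    return cfg

def in_reported_config(cfg):
    """Assumption: a flag matches only when explicitly set to 'false'."""
    return all(cfg.get(k, "").lower() == "false" for k in TRIGGER_FLAGS)

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'); returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(cs_cfg_text, jss_version_release):
    """True if the config matches the report and jss predates the fix."""
    ver, _, rel = jss_version_release.partition("-")
    fver, _, frel = FIXED_JSS.partition("-")
    fixed = (vercmp(ver, fver) or vercmp(rel, frel)) >= 0
    return in_reported_config(parse_cs_cfg(cs_cfg_text)) and not fixed

# Usage: needs_update(SAMPLE_CS_CFG, "4.4.0-7.el7")  (constructed older version)
```

On a real host the version-release string would come from `rpm -q --qf '%{VERSION}-%{RELEASE}' jss` and the text from the instance's CS.cfg.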