Bug 1665172
| Field | Value |
|---|---|
| Summary: | SIGABRT when trust anchor read a malformed file |
| Product: | Red Hat Enterprise Linux 8 |
| Component: | p11-kit |
| Version: | 8.1 |
| Status: | CLOSED ERRATA |
| Severity: | low |
| Priority: | medium |
| Reporter: | Han Han <hhan> |
| Assignee: | Daiki Ueno <dueno> |
| QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| CC: | asosedki, ssorce |
| Target Milestone: | rc |
| Target Release: | 8.0 |
| Keywords: | Triaged |
| Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Fixed In Version: | p11-kit-0.23.22-1.el8 |
| Doc Type: | No Doc Update |
| Last Closed: | 2021-05-18 14:52:33 UTC |
| Type: | Bug |

Thank you for running afl against the package. However, I wouldn't call it a bug, but just an assertion failure. As we don't compile it with NDEBUG=1 in RHEL, there shouldn't be a practical problem. If you suggest to make the error handling more courteous, feel free to open an upstream issue.

Sorry, after a second thought, I realized that you are right: the assert condition itself is wrong and the parser should accept such a PEM header. I have opened a PR: https://github.com/p11-glue/p11-kit/pull/210

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: p11-kit security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1609

Created attachment 1519858: crash input files and gdb backtrace of p11-kit-0.23.5-3.el7.x86_64

Description of problem:
As subject

Version-Release number of selected component (if applicable):
p11-kit-0.23.14-4.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a file:

    # cat /tmp/crashes/id:000000,sig:06,src:000066,op:ext_AO,pos:6
    1-----BEGIN ------------#

2. Run the following command:

    # trust anchor /tmp/crashes/id:000000,sig:06,src:000066,op:ext_AO,pos:6
    trust: trust/pem.c:87: pem_find_begin: Assertion `suff > pref' failed.
    [1] 21880 abort (core dumped) trust anchor /tmp/crashes/id:000000,sig:06,src:000066,op:ext_AO,pos:6

Actual results:
As above

Expected results:
No SIGABRT

Additional info:
It could be reproduced on p11-kit-0.23.5-3.el7.x86_64 and upstream 0.23.14-27-g5e6a92b. The crash input files and gdb backtrace of p11-kit-0.23.5-3.el7.x86_64 are in the attachment. This bug was found by afl.
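
The edge case behind this report, as an added example that is not p11-kit's code: a simplified BEGIN-line scanner in which the label between `-----BEGIN ` and the closing `-----` is empty, so the two pointers compared by a `suff > pref` check are equal. The names `find_begin`, `find_in` and the `strict` flag are hypothetical, the sample input is constructed from the reproducer above, and the strict branch returns an error code where an `assert()` would abort.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PREF "-----BEGIN "
#define SUFF "-----"
enum begin_result { BEGIN_NONE, BEGIN_OK, BEGIN_REJECTED };
/* Bounded substring search; the input need not be NUL-terminated. */
static const char *find_in(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m <= n && i <= n - m; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return hay + i;
    return NULL;
}

/* Find "-----BEGIN <label>-----" on one line and copy <label> into *label.
 * strict != 0 applies the reported condition `suff > pref` but returns
 * BEGIN_REJECTED; strict == 0 accepts an empty label. Caller frees *label. */
enum begin_result find_begin(const char *data, size_t n, int strict, char **label)
{
    const char *pref, *suff;
    size_t len;
    *label = NULL;
    if (!(pref = find_in(data, n, PREF)))
        return BEGIN_NONE;
    pref += strlen(PREF);                     /* first byte of the label */
    suff = find_in(pref, n - (size_t)(pref - data), SUFF);
    if (!suff || memchr(pref, '\n', (size_t)(suff - pref)))
        return BEGIN_NONE;                    /* no closing armor on this line */
    if (strict && !(suff > pref))
        return BEGIN_REJECTED;                /* suff == pref: the label is empty */
    len = (size_t)(suff - pref);
    if (!(*label = malloc(len + 1)))
        return BEGIN_NONE;                    /* allocation failure: no result */
    memcpy(*label, pref, len);
    (*label)[len] = '\0';
    return BEGIN_OK;
}

int main(void)
{
    const char bad[] = "1-----BEGIN ------------"; /* constructed from the report */
    char *label;
    int strict = find_begin(bad, sizeof bad - 1, 1, &label);
    int lenient = find_begin(bad, sizeof bad - 1, 0, &label);
    printf("strict=%d lenient=%d label=\"%s\"\n", strict, lenient, label);
    free(label);
}
```

Whether an empty label is then usable is a decision for the caller; the scanner only has to survive it.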