Bug 2103706

Summary: curl segfaults [rhel-7.9.z]
Product: Red Hat Enterprise Linux 7
Component: nss
Version: 7.9
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: high
Target Milestone: rc
Reporter: Jelle van der Waa <jvanderwaa>
Assignee: Bob Relyea <rrelyea>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: kdudka, kpfleming, rrelyea, ssorce
Keywords: Triaged, ZStream
Flags: pm-rhel: mirror+
Last Closed: 2022-09-26 15:19:04 UTC
Type: Bug
Bug Blocks: 2104702, 2104703

Description Jelle van der Waa 2022-07-04 15:08:20 UTC
Description of problem:

Curl segfaults in our CI setup after updating everything to the latest rhel-7-9 release.

Most notable upgrade related to curl was: nss (3.67.0-4.el7_9 -> 3.79.0-2.el7_9)

Version-Release number of selected component (if applicable):

curl-7.29.0-59.el7_9.1.x86_64
nss-3.79.0-2.el7_9.x86_64

A coredump and backtrace are available in the link under additional information.

How reproducible:

Always in our CI setup.

Steps to Reproduce:

1. Execute curl with a custom CA TLS certificate

Actual results:

+ curl --insecure -s https://10.111.112.100:8443/candlepin
sh: line 3:  1601 Segmentation fault      (core dumped) curl --insecure -s https://10.111.112.100:8443/candlepin

Expected results:

curl should not segfault

Additional info:

https://github.com/cockpit-project/bots/pull/3487#issuecomment-1172224587

Comment 3 Kamil Dudka 2022-07-04 15:32:37 UTC
Sounds like a regression in NSS.  Bob, are you aware of any related change in the recent 7.9.z update of NSS?

The backtrace is available here:

    https://github.com/cockpit-project/bots/pull/3487#issuecomment-1172224587

Comment 4 Bob Relyea 2022-07-05 19:15:33 UTC
Hmm, that backtrace matches a known bug that should be fixed in the -2 release of NSS.

Comment 5 Bob Relyea 2022-07-05 19:33:11 UTC
Looking closer at the backtrace, it's the same kind of issue that was fixed in -2, but a different path. This is clearly an NSS bug, and will need a patch in RHEL 7.9 (Probably in RHEL-8 and RHEL-9 if another application triggers the curl path for this bug, but curl doesn't use NSS on those platforms).

Comment 7 Kamil Dudka 2022-07-07 06:21:13 UTC
Thank you for taking this over, Bob!

Comment 23 errata-xmlrpc 2022-09-26 15:19:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nss, nss-softokn, nss-util, and nspr bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6712