Bug 2191749

Summary: [abrt] opensc: memcpy(): pkcs11-tool killed by SIGABRT
Product: [Fedora] Fedora Reporter: M. Merklinger <m.merklinger>
Component: openscAssignee: Jakub Jelen <jjelen>
Status: POST --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 38CC: crypto-team, jjelen, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/a8613e9c4a8d102069c3a5f56330f480b0c319b
Whiteboard: abrt_hash:11a064cd76500d93066e43f5a441a31a6bf8f209;VARIANT_ID=workstation;
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: proc_pid_status
none
File: maps
none
File: limits none

Description M. Merklinger 2023-04-29 00:36:38 UTC 
Description of problem:
I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro.

Version-Release number of selected component:
opensc-0.23.0-3.fc38

Additional info:
reporter:       libreport-2.17.9
type:           CCpp
reason:         pkcs11-tool killed by SIGABRT
journald_cursor: s=7e20d1102e0a4c84aee515be2aa44067;i=bda73;b=4c0e4e5a3abf4f59a1f38d6b4f496033;m=5517bee92;t=5fa6e37806baf;x=3d7ab7b083867fba
executable:     /usr/bin/pkcs11-tool
cmdline:        pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/vte-spawn-bd8e100e-7009-41db-89f7-fd2f522a6add.scope
rootdir:        /
uid:            1000
kernel:         6.2.12-300.fc38.x86_64
package:        opensc-0.23.0-3.fc38
runlevel:       N 5
backtrace_rating: 4
crash_function: memcpy
comment:        I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro.

Truncated backtrace:
Thread no. 1 (12 frames)
 #7 memcpy at /usr/include/bits/string_fortified.h:29
 #8 pgp_calculate_and_store_fingerprint at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:2704
 #9 pgp_parse_and_set_pubkey_output at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:2930
 #10 pgp_gen_key at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:3073
 #11 pgp_card_ctl at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:3564
 #12 sc_card_ctl at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card.c:1065
 #13 openpgp_generate_key_rsa at ../pkcs15init/pkcs15-openpgp.c:250
 #14 openpgp_generate_key at ../pkcs15init/pkcs15-openpgp.c:378
 #15 sc_pkcs15init_generate_key at ../pkcs15init/pkcs15-lib.c:1611
 #16 pkcs15_gen_keypair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/pkcs11/framework-pkcs15.c:3335
 #17 C_GenerateKeyPair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/pkcs11/pkcs11-object.c:1180
 #19 gen_keypair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/tools/pkcs11-tool.c:3121
Comment 1 M. Merklinger 2023-04-29 00:36:42 UTC 
Created attachment 1960941 [details]
File: proc_pid_status
Comment 2 M. Merklinger 2023-04-29 00:36:43 UTC 
Created attachment 1960942 [details]
File: maps
Comment 3 M. Merklinger 2023-04-29 00:36:45 UTC 
Created attachment 1960943 [details]
File: limits
Comment 4 M. Merklinger 2023-04-29 00:38:06 UTC 
I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro.


reporter:       libreport-2.17.9
type:           CCpp
reason:         pkcs11-tool killed by SIGABRT
journald_cursor: s=7e20d1102e0a4c84aee515be2aa44067;i=bda73;b=4c0e4e5a3abf4f59a1f38d6b4f496033;m=5517bee92;t=5fa6e37806baf;x=3d7ab7b083867fba
executable:     /usr/bin/pkcs11-tool
cmdline:        pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/vte-spawn-bd8e100e-7009-41db-89f7-fd2f522a6add.scope
rootdir:        /
uid:            1000
kernel:         6.2.12-300.fc38.x86_64
package:        opensc-0.23.0-3.fc38
runlevel:       N 5
backtrace_rating: 4
crash_function: memcpy
comment:        I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro.
Comment 5 Jakub Jelen 2023-05-02 12:08:04 UTC 
Thank you for the bug report and reproducer! If I see right, the same code is in the upstream OpenSC so it will likely be an issue in there too. Can you open a new issue in https://github.com/OpenSC/OpenSC/

I unfortunately do not have Nitrokey Pro to check what is going on there, but I assume some sanity check for the results of the conversion in ushort2bebytes() is needed.
Comment 6 Jakub Jelen 2023-08-07 14:59:58 UTC 
This was reported upstream as https://github.com/OpenSC/OpenSC/issues/2775 and fixed with the following commit:

https://github.com/OpenSC/OpenSC/commit/e8fba322a2f4d06ec5c74fe80f9e2b0e9fdefec6

Do you need a fix in some particular version of Fedora or is it ok to wait for the next upstream release (which should happen hopefully in autumn)?
Comment 7 M. Merklinger 2023-08-14 14:31:38 UTC 
The next upstream release is enough. Thank you!