Bug 596783

Summary: [PEM] SIGSEGV within CreateObject()
Product: Red Hat Enterprise Linux 6 Reporter: Kamil Dudka <kdudka>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED CURRENTRELEASE QA Contact: Eduard Benes <ebenes>
Severity: medium Docs Contact:
Priority: high    
Version: 6.0CC: kdudka, rrelyea
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nss-3.12.6-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 596674 Environment:
Last Closed: 2010-11-10 21:15:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 596674    
Bug Blocks:    
Attachments:
Description Flags
proposed fix
none
Same fix in cvs format none

Description Kamil Dudka 2010-05-27 13:59:30 UTC 
+++ This bug was initially created as a clone of Bug #596674 +++

Description of problem:

Steps to Reproduce:
1. have a self-signed certificate with server's private key in cert.pem
2. run 'cert --cacert cert.pem URL'
  
Actual results:
sigsegv.

Expected results:
curl reports it can't connect to the server using the certificate.

--- Additional comment from akozumpl on 2010-05-27 13:06:28 CEST ---

[akozumpl.redhat.com /etc/pki/nssdb]$ rpm -aq nss\* curl libcurl
nss-softokn-3.12.4-17.fc13.i686
nss-softokn-freebl-3.12.4-17.fc13.i686
libcurl-7.20.0-4.fc13.i686
nss_ldap-264-9.fc13.i686
curl-7.20.0-4.fc13.i686
nss-util-3.12.6-1.fc13.i686
nss-sysinit-3.12.6-4.fc13.i686
nss-mdns-0.10-8.fc12.i686
nss-3.12.6-4.fc13.i686

--- Additional comment from akozumpl on 2010-05-27 14:25:14 CEST ---

Created an attachment (id=417218)
my pkcs11.txt

--- Additional comment from akozumpl on 2010-05-27 14:37:25 CEST ---

Created an attachment (id=417224)
cert.pem causing the segv

--- Additional comment from kdudka on 2010-05-27 15:29:07 CEST ---

#1  CreateObject (objClass=<value optimized out>, ...)                at pinst.c:239
#2  AddObjectIfNeeded (objClass=<value optimized out>, ...)           at pinst.c:307
#3  pem_CreateObject (fwInstance=<value optimized out>, ...)          at pobject.c:1147
#4  nssCKFWSession_CreateObject (fwSession=0x6a5e00, ...)             at session.c:1353
#5  NSSCKFWC_CreateObject (fwInstance=0x6a27a0, ...)                  at wrap.c:1991
#6  PK11_CreateNewObject (slot=0x6a49f0, session=1, ...)              at pk11obj.c:412
#7  PK11_CreateGenericObject (slot=0x6a49f0, ...)                     at pk11obj.c:1347
#8  nss_load_cert (ssl=0x62ac40, filename=0x62a590 "cert.pem", ...)   at nss.c:378
#9  Curl_nss_connect (conn=<value optimized out>, ...)                at nss.c:1218
#10 Curl_ssl_connect (conn=0x62ab00, sockindex=<value optimized out>) at sslgen.c:194
#11 Curl_http_connect (conn=0x62ab00, done=0x7fffffffd97e)            at http.c:1779
#12 Curl_protocol_connect (conn=0x62ab00, ...)                        at url.c:3281
#13 setup_conn (conn=0x62ab00, protocol_done=0x7fffffffd97e)          at url.c:4963
#14 Curl_async_resolved (conn=0x62ab00, ...)                          at url.c:5066
#15 connect_host (data=<value optimized out>)                         at transfer.c:1908
#16 Curl_perform (data=<value optimized out>)                         at transfer.c:2039
#17 operate (argc=<value optimized out>, argv=<value optimized out>)  at main.c:5214
#18 main (argc=<value optimized out>, argv=<value optimized out>)     at main.c:5539

--- Additional comment from kdudka on 2010-05-27 15:46:26 CEST ---

Created an attachment (id=417248)
proposed fix
Comment 1 RHEL Program Management 2010-05-27 14:16:02 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 3 Kamil Dudka 2010-06-06 00:24:32 UTC 
Created attachment 421520 [details]
proposed fix
Comment 4 Elio Maldonado Batiz 2010-06-07 15:46:30 UTC 
Created attachment 421869 [details]
Same fix in cvs format

It has already been submitted in Fedora and a RHEL6 scratch build is at
https://brewweb.devel.redhat.com/taskinfo?taskID=2498883
Comment 7 Elio Maldonado Batiz 2010-06-09 18:20:49 UTC 
Comment on attachment 421869 [details]
Same fix in cvs format

The original patch works fine
Comment 12 releng-rhel@redhat.com 2010-11-10 21:15:17 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.