Bug 643564

Summary: libpnsspem aborts if cacert dir contains other directoires
Product: Red Hat Enterprise Linux 6 Reporter: Elio Maldonado Batiz <emaldona>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: emaldona, kdudka, kengert, omoris, rcritten, rrelyea, ssorce
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nss-3.12.9-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 642433 Environment:
Last Closed: 2011-05-19 14:03:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 642433    
Bug Blocks: 642407    
Attachments:
Description Flags
Test for and reject files which are directories none

Description Elio Maldonado Batiz 2010-10-15 23:34:22 UTC 
+++ This bug was initially created as a clone of Bug #642433 +++

Description of problem:
try any openldap command and use the LDAPTLS_CACERTDIR to pass in an arbitrary directory containing other directories.

It will abort as soon as openldap passes down a directory as a file.

It should probably, at most, return an error, if not ignore the entry completely.

This is the backtrace:

(gdb) bt
#0  0x00132416 in __kernel_vsyscall ()
#1  0x00412501 in raise () from /lib/libc.so.6
#2  0x00413f6e in abort () from /lib/libc.so.6
#3  0x0044fa8d in __libc_message () from /lib/libc.so.6
#4  0x00457df4 in _int_free () from /lib/libc.so.6
#5  0x003bc118 in PR_Free (ptr=0x80ad3d0) at ../../../mozilla/nsprpub/pr/src/malloc/prmem.c:490
#6  0x0071ee92 in PORT_Free_Util (ptr=0x80ad3d0) at secport.c:151
#7  0x0071dfba in SECITEM_FreeItem_Util (zap=0xbfffe7c4, freeit=0) at secitem.c:264
#8  0x007062d0 in FileToItem (dst=0xbfffe7c4, src=0x80acd58) at util.c:129
#9  0x00706338 in ReadDERFromFile (derlist=0xbfffe868, filename=0x80ad1a0 "/etc/ipa/html", ascii=1, cipher=0xbfffe864, ivstring=0xbfffe860, certsonly=1)
    at util.c:155
#10 0x007044e9 in pem_CreateObject (fwInstance=0x808c7e0, fwSession=0x808eca0, mdToken=0x808c938, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c)
    at pobject.c:1118
#11 0x0070534f in pem_mdSession_CreateObject (mdSession=0x808ed10, fwSession=0x808eca0, mdToken=0x808c938, fwToken=0x808e0f0, mdInstance=0x731ee0, 
    fwInstance=0x808c7e0, arena=0x808e050, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c) at psession.c:157
#12 0x00709136 in nssCKFWSession_CreateObject (fwSession=0x808eca0, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c) at session.c:1353
#13 0x0070e769 in NSSCKFWC_CreateObject (fwInstance=0x808c7e0, hSession=1, pTemplate=0xbfffee74, ulCount=4, phObject=0xbfffee1c) at wrap.c:1994
#14 0x00700aed in pemC_CreateObject (hSession=1, pTemplate=0xbfffee74, ulCount=4, phObject=0xbfffee1c) at ../../../../../dist/public/nss/nssck.api:566
#15 0x0028f092 in PK11_CreateNewObject (slot=0x808dd48, session=1, theTemplate=0xbfffee74, count=4, token=0, objectID=0xbfffee1c) at pk11obj.c:412
#16 0x002905e1 in PK11_CreateGenericObject (slot=0x808dd48, pTemplate=0xbfffee74, count=4, token=0) at pk11obj.c:1347
#17 0x001691bc in tlsm_add_cert_from_file (ctx=0x8062178, filename=0x808bff8 "/etc/ipa/html", isca=1) at ../../../libraries/libldap/tls_m.c:1062
#18 0x0016ad03 in tlsm_init_ca_certs (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1188
#19 tlsm_deferred_init (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1331
#20 tlsm_deferred_ctx_init (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1684
#21 0x003c1909 in PR_CallOnceWithArg (once=0x806219c, func=0x16a360 <tlsm_deferred_ctx_init>, arg=0x8062178) at ../../../mozilla/nsprpub/pr/src/misc/prinit.c:836
#22 0x00168c4d in tlsm_session_new (ctx=0x8062178, is_server=0) at ../../../libraries/libldap/tls_m.c:1991
#23 0x00165a0c in alloc_handle (ctx_arg=<value optimized out>, is_server=<value optimized out>) at ../../../libraries/libldap/tls2.c:296
#24 0x00165b9c in ldap_int_tls_connect (ld=0x8058078, conn=<value optimized out>) at ../../../libraries/libldap/tls2.c:341
#25 0x00166727 in ldap_int_tls_start (ld=0x8058078, conn=0x8058228, srv=0x0) at ../../../libraries/libldap/tls2.c:833
#26 0x00166b3c in ldap_start_tls_s (ld=0x8058078, serverctrls=0x0, clientctrls=0x0) at ../../../libraries/libldap/tls2.c:939
#27 0x0804bc2b in tool_conn_setup (dont=0, private_setup=0) at ../../../clients/tools/common.c:1290
#28 0x0804aafc in main (argc=5, argv=0xbffff6f4) at ../../../clients/tools/ldappasswd.c:248

--- Additional comment from rcritten on 2010-10-12 18:06:02 EDT ---

In FileToItem() we call PR_GetOpenFileInfo() so I suppose we can just make sure that the type is a PR_FILE_FILE otherwise return a failure.
Comment 3 Elio Maldonado Batiz 2011-01-17 20:01:27 UTC 
Created attachment 473921 [details]
Test for and reject files which are directories

This is the same patch used in fedora, reviewed by Rob Crittenden.
Comment 7 errata-xmlrpc 2011-05-19 14:03:49 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0692.html