Bug 691351
Field | Value
---|---
Summary | Segmentation fault when invalid Extended Key Usage is provided in Certificate Request
Product | Red Hat Enterprise Linux 6
Component | certmonger
Version | 6.1
Status | CLOSED ERRATA
Severity | medium
Priority | unspecified
Target Milestone | rc
Target Release | ---
Hardware | Unspecified
OS | Linux
Reporter | Kaleem <ksiddiqu>
Assignee | Nalin Dahyabhai <nalin>
QA Contact | BaseOS QE Security Team <qe-baseos-security>
CC | dpal, jgalipea, kchamart
Fixed In Version | certmonger-0.40-1.el6
Doc Type | Bug Fix
Last Closed | 2011-05-19 13:07:23 UTC

Doc Text:
Previously, running the getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.

Description
Kaleem
2011-03-28 10:29:22 UTC
Verified.

RHEL Version:

```
[root@tiger ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.1 Beta (Santiago)
```

Certmonger Version:

```
[root@dhcp193-17 getcert_list]# rpm -qai certmonger |head
Name        : certmonger                   Relocations: (not relocatable)
Version     : 0.40                              Vendor: Red Hat, Inc.
Release     : 1.el6                         Build Date: Tue 29 Mar 2011 02:58:11 AM IST
Install Date: Wed 30 Mar 2011 11:26:04 AM IST  Build Host: x86-008.build.bos.redhat.com
Group       : System Environment/Daemons    Source RPM: certmonger-0.40-1.el6.src.rpm
Size        : 867380                           License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://certmonger.fedorahosted.org
Summary     : Certificate status monitor and PKI enrollment client
```

Steps used to verify:

(1) Install certmonger

```
[root@dhcp193-17 getcert_list]# yum install certmonger -y
Loaded plugins: product-id, subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package certmonger.x86_64 0:0.40-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                 Arch                 Version                 Repository                 Size
=============================================================================================================================================================
Installing:
 certmonger              x86_64               0.40-1.el6              rhel6.1                    190 k

Transaction Summary
=============================================================================================================================================================
Install       1 Package(s)

Total download size: 190 k
Installed size: 847 k
Downloading Packages:
certmonger-0.40-1.el6.x86_64.rpm                                  | 190 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : certmonger-0.40-1.el6.x86_64                                  1/1
duration: 87(ms)
Installed products updated.

Installed:
  certmonger.x86_64 0:0.40-1.el6

Complete!
```

(2) Start certmonger service

```
[root@dhcp193-17 getcert_list]# service certmonger start
Starting certmonger:                                       [  OK  ]
```

(3) Issue a certificate request with invalid extended key usage

```
[root@dhcp193-17 getcert_list]# selfsign-getcert request -d /tmp/kaleem/ -n test -U invalid
Could not evaluate OID "invalid".
```

Results: Now segmentation fault is not there and following error message is displayed. "Could not evaluate OID "invalid" ".

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Previously, running the getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0570.html
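
The failure mode in this report, as an added example that is not certmonger's code: a parser that yields NULL for a malformed OID, and an error path that formats the caller's original argument instead of dereferencing that NULL result. The names `oid_parse` and `check_eku`, the dotted-decimal-only syntax check, and the `extendedKeyUsage:` success text are assumptions made for illustration; only the rejection message is taken from the output above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator (not certmonger's code): returns s when it is a
 * well-formed dotted-decimal OID, or NULL when it is not. */
static const char *oid_parse(const char *s) {
    const char *p = s;
    unsigned long arc, first = 0;
    int arcs = 0;
    if (s == NULL)
        return NULL;
    for (;;) {
        if (!isdigit((unsigned char)*p))
            return NULL;                /* empty arc, letters or sign */
        for (arc = 0; isdigit((unsigned char)*p); p++)
            if (arc < 1000)             /* saturate: only small values matter */
                arc = arc * 10 + (unsigned long)(*p - '0');
        if ((arcs == 0 && arc > 2) || (arcs == 1 && first < 2 && arc > 39))
            return NULL;                /* range limits on the first two arcs */
        if (arcs++ == 0)
            first = arc;
        if (*p == '\0')
            break;
        if (*p++ != '.')
            return NULL;
    }
    return arcs >= 2 ? s : NULL;
}

/* The error path formats the caller's argument, never the NULL parse result.
 * Returns 0 if the EKU value is accepted, -1 with a message if rejected. */
static int check_eku(const char *arg, char *msg, size_t len) {
    const char *oid = oid_parse(arg);
    if (oid == NULL) {
        snprintf(msg, len, "Could not evaluate OID \"%s\".", arg ? arg : "");
        return -1;
    }
    snprintf(msg, len, "extendedKeyUsage: %s", oid);
    return 0;
}

int main(void) {
    /* Constructed sample arguments, as they might be passed with -U. */
    const char *samples[] = { "1.3.6.1.5.5.7.3.1", "invalid", "1.3.", "3.1" };
    char msg[128];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%2d  %s\n", check_eku(samples[i], msg, sizeof msg), msg);
    return 0;
}
```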