Bug 741892

Summary: m2crypto loading x509 cert causes Segmentation fault
Product: [Fedora] Fedora Reporter: Mo Morsi <mmorsi>
Component: m2cryptoAssignee: Miloslav Trmač <mitr>
Status: CLOSED DEFERRED QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 16CC: dmalcolm, extras-orphan, gholms, mitr, owen.synge
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 707676 Environment:
Last Closed: 2011-09-30 13:24:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 707676, 707778    
Bug Blocks: 743402    

Description Mo Morsi 2011-09-28 11:04:33 UTC 
Same issue as that appearing in the EPEL bug report, the following patch needs to be backported against m2cryto to fix


http://git.fedorahosted.org/git/?p=pulp.git;a=blob;f=rpm/m2crypto/m2crypto-0.21.1-x509_crl.patch


+++ This bug was initially created as a clone of Bug #707676 +++

Description of problem:

m2crypto loading x509 cert causes Segmentation fault for python26 but not for python form RHEL.

Version-Release number of selected component (if applicable):

I am comparing these versions.

python26-m2crypto-0.21.1-3.el5
m2crypto-0.16-7.el5

How reproducible:

Every time

Steps to Reproduce:

0. Install both version's of m2crypto for RHEL5.

# yum install python26-m2crypto m2crypto

1. Make python script

#cat fred.py 
from M2Crypto import SMIME, X509, BIO
st = X509.X509_Store()
st.load_info('/etc/grid-security/certificates/bffbd7d0.0')
print st

2. Run with "python"

# python fred.py 
<M2Crypto.X509.X509_Store instance at 0xca3878>

3. Run with python2.6

# python2.6  fred.py 
Segmentation fault

For me a 0.18 or higher version of M2Crypto in RHEL would also be fine I don't need python26, unfortunately the RHEL 5 version is m2crypto-0.16-6.el5.6 which does not support verifying X509 SMIME signed messages, here is some of my code, that I cant get to run on RHEL version of m2crypto.

def validate_text(self,text_to_verify):
    buf = BIO.MemoryBuffer(text_to_verify)
    sk = X509.X509_Stack()
    p7, data = SMIME.smime_load_pkcs7_bio(buf)
    try:
        supplied_stack =  p7.get0_signers(sk)
    except AttributeError, e:
        if str(e) == "PKCS7 instance has no attribute 'get0_signers'":
             self.logger.error('m2crypto version 0.18 is the minimum supported, please upgrade.')
        raise e

I mark this as urgent, as although only in EPEL their is no way to make your code verify X509 signed SMIME messages in python without using the openssl library via the command line. (I know it all works fine in RHEL6 and its a known limitation with m2crypto 0.16 and 0.17, just google "get0_signers") 

Thank you for taking the time to look into this bug, I hope you get time to add the issue to your test suites.

Regards

Owen

--- Additional comment from mitr on 2011-05-25 15:20:25 EDT ---

Relevant part of disassembly:
> 0x00002aaaaf27b7f2 <_wrap_x509_store_load_locations+130>:	mov    0x20(%rsp),%rbx
> 0x00002aaaaf27b7f7 <_wrap_x509_store_load_locations+135>:	callq  0x2aaaaf279970 <SWIG_AsCharPtrAndSize>

* arg1 == argp1 is loaded into %rbx at ...b7f2.
* ...b7f7 calls SWIG_AsCharPtrAndSize
* SWIG_AsCharPtrAndSize stores %rbx on the stack, and eventually calls
> char *cstr; int len;
> PyString_AsStringAndSize(obj, &cstr, &len);
* However, the second patameter of PyString_AsStringAndSize is actually a pointer to Py_ssize_t (64bit instead of 32-bit)
* Thus, the %rbx value saved on stack is overwritten by zeroes
* ... and eventually X509_STORE_load_locations is called with the first parameter equal to NULL

So, this all seems to be caused by the fact that the swig in RHEL does not support Python 2.6.

--- Additional comment from mitr on 2011-05-25 15:25:29 EDT ---

As for the missing get0_signers in m2crypto-0.16-7.el5, if you are a Red Hat customer with an active subscription, please report this via the Red Hat Customer Portal at http://access.redhat.com/ to allow correct prioritization of this issue.

--- Additional comment from gholms on 2011-05-25 18:25:07 EDT ---

This is a swig issue that happens when building against Python >= 2.5 on 64-bit systems.  Upstream fixed this bug in its svn repo ages ago with a very small change to the code, so bug 707778 attempts to get that fix backported to RHEL 5's swig package.  If that happens then this bug can be fixed with a recompile.  Otherwise I can look into monkey-patching _m2crypto_wrapper.c, though that is less than ideal.

For posterity's sake, here is a minimal reproducer:
> yum install python26-m2crypto
> python2.6 << EOF
> from M2Crypto import X509
> store = X509.X509Store()
> store.load_info('/etc/pki/tls/certs/ca-bundle.crt')
> EOF

--- Additional comment from owen.synge on 2011-05-26 06:40:27 EDT ---

Dear all,

Thankyou for the work on this area.

Miloslav Trma\u010d, Sorry I am not a redhat customer, I am a Scientfic Linux user.

Regards

Owen

--- Additional comment from dmalcolm on 2011-06-07 16:31:08 EDT ---

Possible alternate approach (though v. ugly): hack up the build of python26-m2crypto to apply the patch seen in bug 707778 to the code that SWIG generates (IIRC, the files that that patch touches are templates used by the code generator.  I could be misremembering).
Comment 1 Miloslav Trmač 2011-09-29 16:47:42 UTC 
Thanks for your report.  What exactly is the "same issue"?  #707676 is a crash caused by incorrect C bindings, not something that can be fixed in Python.

The patch appears to add new functionality, so it will have to be accepted upstream first.  Did you submit it there, or shall I do so?  Is there a test suite, or at least an example user?

The x509_name_hash change breaks compatibility, which might be a problem.

Also, is this really targeted at F16 or at EL*, as the git history seems to indicate?
Comment 2 Mo Morsi 2011-09-30 13:24:46 UTC 
Thanks for the response. Am actually going to be closing this out as I'm not 100% sure what the issue is and is unrelated to what I'm working on (was previously under the impression that it was).
Comment 3 Owen 2011-09-30 15:18:43 UTC 
My way of fixing the issue is to install a slightly newer version from fedora.

Here is a summary:

The "get0_signers" method does not work with python 2.4 m2crypto in SL5. Hence the following code does not work.

buf = BIO.MemoryBuffer(text_to_verify)
sk = X509.X509_Stack()
p7, data = SMIME.smime_load_pkcs7_bio(buf)
supplied_stack =  p7.get0_signers(sk)

For this reason I tried the version from python 2.6, but this segfaults, hence this bug.

My current workaround for my customers and my build system is to document the following process for RHEL, Centos and Scientific Linux 5

yum update -y
yum upgrade -y
yum install subversion \
    python \
    rpm-build \
    make \
    org-desy-grid-virt-sort-release \
    openssl-devel \
    python-devel \
    pkgconfig \
    swig \
    gcc \
    pexpect \
    lcg-CA \
    ca_BitFace \
    fetch-crl \
    -y

rpm -i http://ftp.informatik.uni-frankfurt.de/fedora-archive/fedora/linux/releases/8/Everything/source/SRPMS/m2crypto-0.18-2.src.rpm

rpmbuild -ba /usr/src/redhat/SPECS/m2crypto.spec

fred=`rpm -qa | grep m2crypto`
if [ "x${fred}" != "x" ] ; then
    rpm -e --nodeps m2crypto
fi
rpm -i /usr/src/redhat/RPMS/x86_64/m2crypto*.rpm


Once this is done all is working fine. This is in my opinion a more appropriate solution to the issue of verifying SMIME signatures with X509 on RHEL, Centos and Scientific Linux 5, provided you can use python 2.4 code base.

Maybe you could look into this solution?