Bug 754771

Summary: [PEM] an unregistered callback causes a SIGSEGV
Product: Fedora
Reporter: Kamil Dudka <kdudka>
Component: nss
Assignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 16
CC: danw, emaldona, kdudka, kengert, rrelyea
Keywords: EasyFix, Patch, Reopened
Hardware: Unspecified
OS: Unspecified
Fixed In Version: nss-3.13.1-8.fc17
Doc Type: Bug Fix
Clone Of: 733685
: 768669
Last Closed: 2012-03-14 17:52:00 UTC
Bug Blocks: 702083, 733657, 733749, 733752, 746629, 768669, 1002271
Attachments: Initializes pointers to functions (flags: kdudka: review+)

Description Kamil Dudka 2011-11-17 17:17:20 UTC
+++ This bug was initially created as a clone of Bug #733685 +++

--- Additional comment from kdudka on 2011-08-26 15:52:53 CEST ---

I needed the following patch:

diff --git a/pinst.c b/pinst.c
index 70f5f4e..d35d7cf 100644
--- a/pinst.c
+++ b/pinst.c
@@ -349,6 +349,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
     if (io == NULL)
         return NULL;

+    /* initialize pointers to functions */
+    pem_CreateMDObject(NULL, io, NULL);
+
     io->gobjIndex = count;

     /* add object to global array */
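Review bot: the return value of pem_CreateMDObject(NULL, io, NULL) on the added line is silently dropped, and the comment does not say that the call exists only to populate io's function pointers; cast it to (void) and make the comment explicit, e.g. `(void) pem_CreateMDObject(NULL, io, NULL); /* only for its side effect: fills in io's function pointers */`. Because the first and third arguments are NULL, also confirm that pem_CreateMDObject never dereferences them on any path before returning, otherwise the patch relocates the NULL dereference rather than removing it. Since the crash is a NULL entry in the object's dispatch table being called, placing this initialization inside the object's constructor would guarantee that every creation path, not only AddObjectIfNeeded, publishes a fully wired object into the global array.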


... to get over the following crash:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff04bd4f7 in pem_mdObject_GetAttributeSize (mdObject=0x721b60, ...)
#2  0x00007ffff04c2c9e in nssCKFWObject_GetAttributeSize (fwObject=0x6fb9c0,...)
#3  0x00007ffff04cbec7 in NSSCKFWC_GetAttributeValue (fwInstance=0x6f6580, ...)
#4  0x00007ffff04b8eaa in pemC_GetAttributeValue (hSession=2, hObject=2, ...)
#5  0x00007ffff75904e2 in PK11_ReadAttribute (slot=0x6fa700, id=2, type=17, ...)
#6  0x00007ffff75930cb in PK11_ReadRawAttribute (objType=PK11_TypeGeneric, ...)
#7  0x00007ffff7dc7e2d in SelectClientCert (arg=0x62efe8, sock=0x7207b0, ...)

--- Additional comment from emaldona on 2011-08-26 19:04:05 CEST ---

Ah, we now add to the global internal list a fully constructed object. The invocation of pem_CreateMDObject(NULL, io, NULL); is solely for its side effect of setting the function pointers, so a (void) cast seems in order.  Additionally, the (void) pem_CreateMDObject(NULL, io, NULL); could be inside CreateObject itself.

At some point we should analyze why we need CreateObject and pem_createObject. That's food for the upstream work, not now.
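The failure mode under discussion, an object published in a global registry before its function-pointer table is filled in so that the first dispatch through it jumps to address 0, as a self-contained C example added here. It is not code from the PEM module or from NSS; every name in it (pem_obj, add_object_unsafe, add_object_safe, get_attribute_size_checked, count_unwired_objects, reset_registry) is constructed for the illustration. It shows the unsafe ordering beside the fixed one, a dispatch wrapper that reports a NULL entry instead of calling it, and a small audit over the registry that a unit test can use to catch half-constructed objects before they reach a caller.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the PEM module's object: a record whose
 * operations are reached through function pointers, in the spirit of the
 * NSS CKFW mdObject layer. All names here are constructed for the example. */
typedef struct pem_obj {
    size_t attr_size;
    /* dispatch table entry: must be set before the object becomes reachable */
    size_t (*get_attribute_size)(struct pem_obj *self);
} pem_obj;

static size_t pem_obj_attr_size(pem_obj *self) { return self->attr_size; }

/* Global registry, analogous to the "global array" in the bug's hunk. */
#define MAX_OBJS 8
static pem_obj *g_objs[MAX_OBJS];
static int g_count;

/* The buggy ordering: allocate, publish, and wire up the dispatch table
 * later (or never). The object is reachable while the pointer is NULL. */
pem_obj *add_object_unsafe(size_t size) {
    pem_obj *io = calloc(1, sizeof *io);   /* calloc leaves the fn pointer NULL */
    if (io == NULL || g_count >= MAX_OBJS) { free(io); return NULL; }
    io->attr_size = size;
    g_objs[g_count++] = io;                 /* published before construction completes */
    return io;
}

/* The fixed ordering: fill the dispatch table first, publish last. */
pem_obj *add_object_safe(size_t size) {
    pem_obj *io = calloc(1, sizeof *io);
    if (io == NULL || g_count >= MAX_OBJS) { free(io); return NULL; }
    io->attr_size = size;
    io->get_attribute_size = pem_obj_attr_size;   /* wire the table */
    g_objs[g_count++] = io;
    return io;
}

/* Defensive dispatch: a NULL table entry is reported as an error (-1)
 * instead of being called, which is the jump to 0x0 in frame #0 of the
 * bug's backtrace. Returns 0 and stores the size on success. */
int get_attribute_size_checked(pem_obj *io, size_t *out) {
    if (io == NULL || io->get_attribute_size == NULL)
        return -1;
    *out = io->get_attribute_size(io);
    return 0;
}

/* Audit helper: number of registered objects whose table is incomplete. */
int count_unwired_objects(void) {
    int bad = 0;
    for (int i = 0; i < g_count; i++)
        if (g_objs[i]->get_attribute_size == NULL) bad++;
    return bad;
}

/* Free every registered object and empty the registry. */
void reset_registry(void) {
    for (int i = 0; i < g_count; i++) free(g_objs[i]);
    g_count = 0;
}

int main(void) {
    reset_registry();
    pem_obj *a = add_object_unsafe(17);
    pem_obj *b = add_object_safe(42);
    size_t n = 0;
    printf("unsafe object: %s\n",
           get_attribute_size_checked(a, &n) ? "dispatch refused (NULL fn ptr)" : "ok");
    printf("safe object: size %zu\n",
           get_attribute_size_checked(b, &n) == 0 ? n : (size_t)0);
    printf("unwired objects in registry: %d\n", count_unwired_objects());
    reset_registry();
    return 0;
}
```

The audit loop is the piece worth carrying into a real test suite: after every code path that can register an object, asserting that count_unwired_objects() is zero catches this class of bug at construction time rather than at the first attribute lookup from a TLS client-certificate selection.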

Comment 1 Kamil Dudka 2011-12-12 13:09:24 UTC
Elio, is there anything that prevents this one-liner from being applied?

Comment 2 Elio Maldonado Batiz 2011-12-12 17:59:50 UTC
Created attachment 545843 [details]
Initializes pointers to functions

Modified to account for code movement since Kamil first proposed it.

Comment 3 Elio Maldonado Batiz 2012-03-14 06:46:50 UTC

*** This bug has been marked as a duplicate of bug 768669 ***

Comment 4 Kamil Dudka 2012-03-14 07:30:08 UTC
Fedora bugs should not be closed as duplicates of RHEL bugs.  Although this bug has never been added to any update, it appears fixed in Fedora 16.  If it is not the case, please update the status accordingly.

Comment 5 Elio Maldonado Batiz 2012-03-14 17:52:00 UTC
In https://admin.fedoraproject.org/updates/FEDORA-2012-1064/nss-3.13.1-11.fc16 I didn't list it. Closing it then.