Bug 894157

Summary: gnome-keyring coredumps while parsing certificate
Product: [Fedora] Fedora
Component: gcr
Version: 18
Hardware: ppc64
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Reporter: Gustavo Luiz Duarte <gustavold>
Assignee: Matthias Clasen <mclasen>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: debarshir, gustavold, karsten, mclasen, stefw, tbzatek, walters
Doc Type: Bug Fix
Type: Bug
Clone Of: 893162
Bug Depends On: 893162
Last Closed: 2013-01-20 15:43:56 UTC
Attachments: Fix memrchr() call with negative string length (flags: none)

Description Gustavo Luiz Duarte 2013-01-10 21:05:37 UTC
Description of problem:
/usr/bin/gnome-keyring coredumps while parsing certificate on PPC64

Version-Release number of selected component (if applicable):
gcr-3.6.2-1.fc18.ppc64
gnome-keyring-3.6.2-2.fc18

How reproducible:
Always

Steps to Reproduce:
1. gnome-keyring import ~/.ssh/id_rsa

Program received signal SIGSEGV, Segmentation fault.
0x00000080d9dbc424 in .__memrchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000080d9dbc424 in .__memrchr () from /lib64/libc.so.6
#1  0x00000fffb7e93618 in armor_find_end (outer=<synthetic pointer>, type=<optimized out>, n_data=6, data=0x101bf689 "-----\n") at egg-armor.c:180
#2  egg_armor_parse (data=0x10122a30, callback=@0xfffb7ef2380: 0xfffb7e6d970 <handle_pem_data>, user_data=0xfffffffe960) at egg-armor.c:300
#3  0x00000fffb7e6c6e4 in handle_pem_format (self=<optimized out>, subformat=<optimized out>, data=0x10122a30) at gcr-parser.c:1901
#4  0x00000fffb7e6f5c4 in parser_format_foreach (key=key@entry=0xfffb7ee8058 <parser_normal>, value=value@entry=0xfffb7ee8058 <parser_normal>, 
    data=data@entry=0xfffffffea88) at gcr-parser.c:2151
#5  0x00000fffb7e702e0 in gcr_parser_parse_data (self=<optimized out>, data=
    0x101bf000 "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAyMeMe12lWlwjoW0/EIouM8yy1Iaj8UAbc3BkpN50n3fee+2F\nys41UANDUU0DW02Fb+lF1F7UwRyYZA0PqXjvSpN/Jb9TUgFfLT6Ilyr4mfg4QAhs\nnad9WGPmV+cNCpm4DO2N5n6rGYvpGzFIGUYOU2"..., n_data=<optimized out>, error=0xfffffffeb38) at gcr-parser.c:2411
#6  0x00000fffb7e703c0 in state_parse_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2930
#7  0x00000fffb7e6bc9c in next_state (self=0x101ba850, state=@0xfffb7ef24e0: 0xfffb7e70310 <state_parse_buffer>) at gcr-parser.c:2888
#8  0x00000fffb7e6c33c in state_read_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2999
#9  0x00000fffb7e6bc9c in next_state (self=0x101ba850, state=@0xfffb7ef2140: 0xfffb7e6c1c0 <state_read_buffer>) at gcr-parser.c:2888
#10 0x00000fffb7e6c33c in state_read_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2999
#11 0x00000fffb7e6bc9c in next_state (self=self@entry=0x101ba850, state=state@entry=@0xfffb7ef2140: 0xfffb7e6c1c0 <state_read_buffer>) at gcr-parser.c:2888
#12 0x00000fffb7e72f98 in gcr_parser_parse_stream (self=0x1016d380 [GcrParser], input=<optimized out>, cancellable=0x0, error=0xfffffffef28)
    at gcr-parser.c:3106
#13 0x00000000100020d4 in gkr_tool_import (argc=1, argv=0xffffffff4e0) at gkr-tool-import.c:204
#14 0x00000000100019bc in main (argc=3, argv=0xffffffff4d8) at gkr-tool.c:145

Comment 1 Gustavo Luiz Duarte 2013-01-10 21:55:31 UTC
Created attachment 676569 [details]
Fix memrchr() call with negative string length

Please add the attached patch to the gcr package. This patch should fix this issue. It fixes an invalid call to memrchr() in libegg.
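
The defect class named in the attachment title, a negative length reaching memrchr(), shown as an added C example; it is not the gcr source or the attached patch. The sample buffer and the helpers `span_as_size_t`, `rfind_checked` and `find_footer` are constructed for illustration, with the cursor left on the same `-----\n` tail that frame #1 of the backtrace shows.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* memrchr() is a GNU extension; prototype repeated in case _GNU_SOURCE
 * was not in effect when <string.h> was first included. */
void *memrchr(const void *s, int c, size_t n);

/* Constructed sample input, not a real key. */
static const char SAMPLE[] = "-----BEGIN TEST-----\nQUJD\n-----END TEST-----\n";
#define END_PREF "-----END "

/* What memrchr() receives when a signed pointer difference is passed as
 * its size_t length: a negative value wraps to a huge unsigned count. */
size_t span_as_size_t(const char *from, const char *to)
{
    return (size_t)(to - from);
}

/* Checked backward search over [from, to): an empty or inverted range is
 * rejected instead of being converted to a length. */
const char *rfind_checked(const char *from, const char *to, int c)
{
    if (from == NULL || to == NULL || to <= from)
        return NULL;
    return memrchr(from, c, (size_t)(to - from));
}

/* Locate the footer prefix, then advance a cursor past "-----END TEST"
 * the way a parser consumes the footer. Returns the prefix; *cursor is
 * left pointing at the trailing "-----\n". */
const char *find_footer(const char *buf, const char **cursor)
{
    const char *pref = strstr(buf, END_PREF);
    if (pref != NULL)
        *cursor = pref + strlen(END_PREF) + strlen("TEST");
    return pref;
}

int main(void)
{
    const char *cursor = NULL;
    const char *pref = find_footer(SAMPLE, &cursor);

    /* Inverted range: start is the advanced cursor, end is before the footer. */
    printf("wrapped length: %zu\n", span_as_size_t(cursor, pref - 1));
    printf("checked, inverted range: %p\n", (void *)rfind_checked(cursor, pref - 1, '\n'));
    /* Correct range: from the start of the buffer up to the footer prefix. */
    printf("line break at offset %td\n", rfind_checked(SAMPLE, pref, '\n') - SAMPLE);
    return 0;
}
```

The unchecked call is deliberately never executed here: with the wrapped length memrchr() would start reading far outside the buffer, which is the SIGSEGV in frame #0.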

Comment 2 Colin Walters 2013-01-10 22:15:13 UTC
Made into a "git format-patch" style patch, against git master, following https://live.gnome.org/GnomeLove/SubmittingPatches and submitted upstream.

Comment 3 Fedora Update System 2013-01-14 17:31:58 UTC
gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18

Comment 4 Fedora Update System 2013-01-16 19:46:11 UTC
Package gcr-3.6.2-2.fc18, gnome-keyring-3.6.2-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gcr-3.6.2-2.fc18 gnome-keyring-3.6.2-3.fc18'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0884/gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2013-02-01 16:33:42 UTC
gcr-3.6.2-2.fc18, gnome-keyring-3.6.2-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.