Bug 1460019 - PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails
PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails
Status: MODIFIED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: jss (Show other bugs)
7.4
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Fraser Tweedale
ipa-qe
Petr Bokoc
: ZStream
Depends On: 1460016
Blocks: 1490740
  Show dependency treegraph
 
Reported: 2017-06-08 16:46 EDT by Matthew Harmsen
Modified: 2017-10-10 08:05 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Prior to this update, a failure to check that the result of a key wrapping operation was not NULL could in some cases cause PKI to crash due to a segmentation fault. This update adds a check that raises an exception in such cases, and a failed key wrapping operation now results in a Java exceptions instead of a crash.
Story Points: ---
Clone Of: 1460016
: 1490740 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1371147 None None None 2017-06-08 16:46 EDT

  None (edit)
Description Matthew Harmsen 2017-06-08 16:46:14 EDT
+++ This bug was initially created as a clone of Bug #1460016 +++

PK11Store.getEncryptedPrivateKeyInfo() segfaults if export fails

Steps to reproduce:

    Use PK11Store.getEncryptedPrivateKeyInfo() with Thales nethsm.

Actual results:

    PK11_ExportEncryptedPrivKeyInfo returning NULL is not being handled
    properly, causing segfault.


Expected results:

    Detect this condition and raise a
    TokenException instead.

Additional Information:

    Patch is attached to upstream bug
    https://bugzilla.mozilla.org/show_bug.cgi?id=1371147
Comment 3 Matthew Harmsen 2017-09-08 17:41:48 EDT
Upstream Check-in:

cfu checked-in the following changes provided by ftweedal:

changeset:   2204:87dca07f7529
tag:         tip
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:56:04 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2203:b3b653faef84
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:53:36 2017 -0700
summary:     bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2202:0b8a6e84b6c7
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:50:21 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2201:d39e9b373798
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:32:32 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2200:890216599f21
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:21:22 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2199:bada1409d2bb
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:15:29 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2198:3629b598a9ce
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:09:23 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
Comment 4 Fraser Tweedale 2017-09-09 01:55:40 EDT
Actually, the patches that were checked into JSS are related to the
other BZ.  This BZ has a different JSS ticket with a different patch
that has yet to be reviewed and checked in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1371147

Moving this back to ASSIGNED.
Comment 5 Matthew Harmsen 2017-09-11 15:02:18 EDT
(In reply to Matthew Harmsen from comment #3)
> Upstream Check-in:
> 
> cfu checked-in the following changes provided by ftweedal:
> 
> changeset:   2204:87dca07f7529
> tag:         tip
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:56:04 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2203:b3b653faef84
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:53:36 2017 -0700
> summary:     bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2202:0b8a6e84b6c7
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:50:21 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2201:d39e9b373798
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:32:32 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2200:890216599f21
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:21:22 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2199:bada1409d2bb
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:15:29 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -
> 
> changeset:   2198:3629b598a9ce
> user:        Fraser Tweedale<ftweedale@redhat.com>
> date:        Fri Sep 08 11:09:23 2017 -0700
> summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

INCORRECT CHECK-IN MESSAGE -- these check-ins apply to https://bugzilla.redhat.com/show_bug.cgi?id=1490487
Comment 6 Matthew Harmsen 2017-09-11 20:46:48 EDT
cfu checked-in ftweedal's patch:

changeset:   2205:3e9a5ae2149d
tag:         tip
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Mon Sep 11 17:24:22 2017 -0700
summary:     Bug 1371147 PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails -

Note You need to log in before you can comment on or make changes to this bug.