Bug 1570306 - softhsm crashes applications using p11-kit-proxy
Summary: softhsm crashes applications using p11-kit-proxy
Keywords:
Status: CLOSED DUPLICATE of bug 1607635
Alias: None
Product: Fedora
Classification: Fedora
Component: softhsm
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-21 20:08 UTC by Francisco de la Peña
Modified: 2018-07-26 18:38 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-25 08:05:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1607635 None CLOSED Segfault in ldif2db during ipa-server-install on current Rawhide 2019-09-17 10:33:08 UTC

Internal Links: 1607635 1608690 1615751

Description Francisco de la Peña 2018-04-21 20:08:58 UTC
Description of problem:

Several applications using p11-kit-proxy module crash when softhsm is installed. Firefox always crashes on quit and opensc-tools may reproduce a similar crash while listing details from that module.


Version-Release number of selected component (if applicable):

2.3.0-2.fc27, 2.3.0-3.fc28.1


How reproducible:

Always.


Steps to Reproduce:

opensc tools way:

1. Install softhsm and opensc
2. Run: $ pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so

Firefox way:

1. Install softhsm and firefox
2. Configure NSS to use p11-kit-proxy:
   # alternatives --install /usr/lib64/libnssckbi.so \
     libnssckbi.so.x86_64 /usr/lib64/p11-kit-proxy.so 50
3. Run Firefox (quit Firefox if already opened first) and quit Firefox. 


Actual results:

pkcs11-tool crashes with the command above.
firefox crashes on quit (no abrt but breakpad crash report window instead).

Removing softhsm works around this issue and p11-kit-proxy works without crashes.


Expected results:

It shouldn't crash.

Comment 1 Daiki Ueno 2018-04-23 13:00:44 UTC
I tried to reproduce it, but couldn't.  Could you provide more information about your configuration:
- NSS and p11-kit package versions
- How softhsm is configured (do you have a token initialized and any certificates/keys in it?)

(In reply to Francisco de la Peña from comment #0)

> 2. Configure NSS to use p11-kit-proxy:
>    # alternatives --install /usr/lib64/libnssckbi.so \
>      libnssckbi.so.x86_64 /usr/lib64/p11-kit-proxy.so 50

This is to explicitly override the default installation, that registers p11-kit-trust.so with priority 30, right?

Comment 2 Nikos Mavrogiannopoulos 2018-07-25 08:05:00 UTC
Closing as duplicate as it is seen to be related.

*** This bug has been marked as a duplicate of bug 1607635 ***

Comment 3 Francisco de la Peña 2018-07-26 18:38:12 UTC
> This is to explicitly override the default installation, that registers
> p11-kit-trust.so with priority 30, right?

Yes, it is. Also happens here with the upcoming F29 crypto policies approach.
I didn't configure softhsm, so it should use defaults here.
Tested with latest F28 downstream packages, still reproduceable here.

> Closing as duplicate as it is seen to be related.

Indeed, I can confirm the backtrace is the same there as in bug 1607635, +1.


Note You need to log in before you can comment on or make changes to this bug.