Hide Forgot
Description of problem: Certmonger crashes when in start-tracking new values of parameters Extended Key Usage, DNS, Email and principal name are provided. It is occurring only when all four parameters are provided in start-tracking. Version-Release number of selected component (if applicable): certmonger-0.41-1.el6.x86_64 How reproducible: Issue a certificate request with default values for parameters like Extended Key usage, DNS, Email and principal name. Now provide new values for all four parameters in start-tracking so that new values gets effective when certiificate gets renewed. Steps to Reproduce: (1)Install certmonger [root@testing getcert_start-tracking]# yum install certmonger -y Installed: certmonger.x86_64 0:0.41-1.el6 Dependency Installed: libtevent.x86_64 0:0.9.8-8.el6 Complete! (2)Start certmonger service [root@testing getcert_start-tracking]# service certmonger start Starting certmonger: [ OK ] (3)Create a temp directory [root@testing getcert_start-tracking]# mkdir /tmp/kaleem (4)Change the SELinux context of directory created in last step [root@testing getcert_start-tracking]# chcon -t cert_t /tmp/kaleem/ (5)Issue a request with request nickname [root@testing getcert_start-tracking]# getcert request -d /tmp/kaleem/ -n certtest -I testing -c SelfSign New signing request "testing" added. [root@testing getcert_start-tracking]# getcert list Number of certificates and requests being tracked: 1. Request ID 'testing': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/tmp/kaleem',nickname='certtest',token='NSS Certificate DB' certificate: type=NSSDB,location='/tmp/kaleem',nickname='certtest',token='NSS Certificate DB' CA: SelfSign issuer: CN=testing.mars.lab.eng.pnq.redhat.com subject: CN=testing.mars.lab.eng.pnq.redhat.com expires: 20120413064217 dns: testing.mars.lab.eng.pnq.redhat.com principal name: host/testing.mars.lab.eng.pnq.redhat.com eku: id-kp-serverAuth track: yes auto-renew: yes [root@testing getcert_start-tracking]# (6)Run start-tracking on the request with new values for parameters extended key usage, DNS, Email and principal name [root@testing getcert_start-tracking]# getcert start-tracking -i testing -U id-kp-clientAuth -D new.lab.redhat.com -E abc -K "host/new.lab.redhat.com" Segmentation fault (core dumped) [root@testing getcert_start-tracking]# There is Segmentation fault. Actual results: Segmentation fault occurs Expected results: There should be no segmentation fault. Additional info: (1)BackTrace and gdb debug output has been attached.
Created attachment 491771 [details] backtrace and gdb output
Buffer overrun in the getcert tool.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0570.html