Bug 894157 - gnome-keyring coredumps while parsing certificate
Summary: gnome-keyring coredumps while parsing certificate
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gcr
Version: 18
Hardware: ppc64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 893162
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-10 21:05 UTC by Gustavo Luiz Duarte
Modified: 2013-02-01 16:33 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 893162
Environment:
Last Closed: 2013-01-20 15:43:56 UTC


Attachments (Terms of Use)
Fix memrchr() call with negative string length (712 bytes, patch)
2013-01-10 21:55 UTC, Gustavo Luiz Duarte
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
GNOME Bugzilla 691505 None None None Never

Description Gustavo Luiz Duarte 2013-01-10 21:05:37 UTC
Description of problem:
/usr/bin/gnome-keyring coredumps while parsing certificate on PPC64

Version-Release number of selected component (if applicable):
gcr-3.6.2-1.fc18.ppc64
gnome-keyring-3.6.2-2.fc18

How reproducible:
Always

Steps to Reproduce:
1. gnome-keyring import ~/.ssh/id_rsa

Program received signal SIGSEGV, Segmentation fault.
0x00000080d9dbc424 in .__memrchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000080d9dbc424 in .__memrchr () from /lib64/libc.so.6
#1  0x00000fffb7e93618 in armor_find_end (outer=<synthetic pointer>, type=<optimized out>, n_data=6, data=0x101bf689 "-----\n") at egg-armor.c:180
#2  egg_armor_parse (data=0x10122a30, callback=@0xfffb7ef2380: 0xfffb7e6d970 <handle_pem_data>, user_data=0xfffffffe960) at egg-armor.c:300
#3  0x00000fffb7e6c6e4 in handle_pem_format (self=<optimized out>, subformat=<optimized out>, data=0x10122a30) at gcr-parser.c:1901
#4  0x00000fffb7e6f5c4 in parser_format_foreach (key=key@entry=0xfffb7ee8058 <parser_normal>, value=value@entry=0xfffb7ee8058 <parser_normal>, 
    data=data@entry=0xfffffffea88) at gcr-parser.c:2151
#5  0x00000fffb7e702e0 in gcr_parser_parse_data (self=<optimized out>, data=
    0x101bf000 "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAyMeMe12lWlwjoW0/EIouM8yy1Iaj8UAbc3BkpN50n3fee+2F\nys41UANDUU0DW02Fb+lF1F7UwRyYZA0PqXjvSpN/Jb9TUgFfLT6Ilyr4mfg4QAhs\nnad9WGPmV+cNCpm4DO2N5n6rGYvpGzFIGUYOU2"..., n_data=<optimized out>, error=0xfffffffeb38) at gcr-parser.c:2411
#6  0x00000fffb7e703c0 in state_parse_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2930
#7  0x00000fffb7e6bc9c in next_state (self=0x101ba850, state=@0xfffb7ef24e0: 0xfffb7e70310 <state_parse_buffer>) at gcr-parser.c:2888
#8  0x00000fffb7e6c33c in state_read_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2999
#9  0x00000fffb7e6bc9c in next_state (self=0x101ba850, state=@0xfffb7ef2140: 0xfffb7e6c1c0 <state_read_buffer>) at gcr-parser.c:2888
#10 0x00000fffb7e6c33c in state_read_buffer (self=0x101ba850, async=<optimized out>) at gcr-parser.c:2999
#11 0x00000fffb7e6bc9c in next_state (self=self@entry=0x101ba850, state=state@entry=@0xfffb7ef2140: 0xfffb7e6c1c0 <state_read_buffer>) at gcr-parser.c:2888
#12 0x00000fffb7e72f98 in gcr_parser_parse_stream (self=0x1016d380 [GcrParser], input=<optimized out>, cancellable=0x0, error=0xfffffffef28)
    at gcr-parser.c:3106
#13 0x00000000100020d4 in gkr_tool_import (argc=1, argv=0xffffffff4e0) at gkr-tool-import.c:204
#14 0x00000000100019bc in main (argc=3, argv=0xffffffff4d8) at gkr-tool.c:145

Comment 1 Gustavo Luiz Duarte 2013-01-10 21:55:31 UTC
Created attachment 676569 [details]
Fix memrchr() call with negative string length

Please add the attached patch to the gcr package. This patch should fix this issue. It fixes an invalid call to memrchr() in libegg.

Comment 2 Colin Walters 2013-01-10 22:15:13 UTC
Made into a "git format-patch" style patch, against git master, following https://live.gnome.org/GnomeLove/SubmittingPatches and submitted upstream.

Comment 3 Fedora Update System 2013-01-14 17:31:58 UTC
gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18

Comment 4 Fedora Update System 2013-01-16 19:46:11 UTC
Package gcr-3.6.2-2.fc18, gnome-keyring-3.6.2-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gcr-3.6.2-2.fc18 gnome-keyring-3.6.2-3.fc18'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0884/gcr-3.6.2-2.fc18,gnome-keyring-3.6.2-3.fc18
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2013-02-01 16:33:42 UTC
gcr-3.6.2-2.fc18, gnome-keyring-3.6.2-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.