SIGV when deleting certificate but not related public key

SIGV when deleting certificate but not related public key

Andreas Schwier (ML)
Hi all,

there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
when via PKCS#11 a certificate object is deleted, but not the related
public key object.

Occasionally this triggers a SIGV when the caller later accesses the
CKA_ID attribute which tries to access the then deleted certificate object.

Is there any expert on the list that has intimate knowledge of the
framework code that could take a look at it ?

Andreas


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: SIGV when deleting certificate but not related public key

Peter Stuge-4
Andreas Schwier (ML) wrote:
> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
> when via PKCS#11 a certificate object is deleted, but not the related
> public key object.
>
> Occasionally this triggers a SIGV when the caller later accesses the
> CKA_ID attribute which tries to access the then deleted certificate object.
>
> Is there any expert on the list that has intimate knowledge of the
> framework code that could take a look at it ?

Please send a backtrace.

Build the program with debugging, run the program with gdb --args
program, then type bt after the crash. Post output.


//Peter

Re: SIGV when deleting certificate but not related public key

Andreas Schwier
Hi Peter,

I will first need to write a small test in C to reproduce the problem.
Right now we test from Java, which makes debugging a real nightmare.

Andreas

On 27.09.2012 11:25, Peter Stuge wrote:

> Andreas Schwier (ML) wrote:
>> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
>> when via PKCS#11 a certificate object is deleted, but not the related
>> public key object.
>>
>> Occasionally this triggers a SIGV when the caller later accesses the
>> CKA_ID attribute which tries to access the then deleted certificate object.
>>
>> Is there any expert on the list that has intimate knowledge of the
>> framework code that could take a look at it ?
> Please send a backtrace.
>
> Build the program with debugging, run the program with gdb --args
> program, then type bt after the crash. Post output.
>
>
> //Peter


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


Re: SIGV when deleting certificate but not related public key

Peter Stuge-4
Andreas Schwier wrote:
> I will first need to write a small test in C to reproduce the problem.
> Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line
tools?


//Peter

Re: SIGV when deleting certificate but not related public key

Viktor Tarasov-3


On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge <[hidden email]> wrote:
> Andreas Schwier wrote:
> > I will first need to write a small test in C to reproduce the problem.
> > Right now we test from Java, which makes debugging a real nightmare.
>
> Maybe you can reproduce it using some of the existing command line
> tools?


It can be reproduced, using command 
#  pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin "1234" --delete-object --type cert --id <object-id>

and patched pkcs11-tool:
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index f23948b..30074d8 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -824,6 +824,9 @@ int main(int argc, char * argv[])
                         util_fatal("You should specify at least one of the "
                                         "object ID, object label, application label or application ID\n");
                delete_object(session);
+
+               printf("Now list public keys ...\n");
+               list_objects(session, CKO_PUBLIC_KEY);
        }
 
        if (do_set_id) {
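
Review bot: the new `list_objects(session, CKO_PUBLIC_KEY);` call directly after `delete_object(session);` runs on every delete, whatever `--type` was passed, and its `printf` changes the tool's normal output, so this should stay a local reproducer rather than be merged as is. If the check is worth keeping, put it behind its own option or into a regression test that deletes a certificate and then lists the remaining public key objects in the same session, which is the sequence this hunk exercises.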


I will look for the solution.




Re: SIGV when deleting certificate but not related public key

Andreas Schwier
Just tried the same.

There is also a SIGV if you try to delete the public key alone.
Apparently the public key object in the framework has no related object
in the pkcs15 layer.

Andreas

On 27.09.2012 13:04, Viktor Tarasov wrote:

>
>
> On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Andreas Schwier wrote:
>     > I will first need to write a small test in C to reproduce the
>     problem.
>     > Right now we test from Java, which makes debugging a real nightmare.
>
>     Maybe you can reproduce it using some of the existing command line
>     tools?
>
>
> It can be reproduced, using command
> #  pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l
> --pin "1234" --delete-object --type cert --id <object-id>
>
> and patched pkcs11-tool:
> diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
> index f23948b..30074d8 100644
> --- a/src/tools/pkcs11-tool.c
> +++ b/src/tools/pkcs11-tool.c
> @@ -824,6 +824,9 @@ int main(int argc, char * argv[])
>                          util_fatal("You should specify at least one
> of the "
>                                          "object ID, object label,
> application label or application ID\n");
>                 delete_object(session);
> +
> +               printf("Now list public keys ...\n");
> +               list_objects(session, CKO_PUBLIC_KEY);
>         }
>  
>         if (do_set_id) {
>
>
> I will look for the solution.
>
>
>
>     //Peter


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


Re: SIGV when deleting certificate but not related public key

Viktor Tarasov-3


On Thu, Sep 27, 2012 at 1:13 PM, Andreas Schwier <[hidden email]> wrote:
> Just tried the same.
>
> There is also a SIGV if you try to delete the public key alone.
> Apparently the public key object in the framework has no related object
> in the pkcs15 layer.


The public key PKCS#11 object is created from the certificate if there is no corresponding PKCS#15 public key object.

As we see, the deletion of the 'parent' cert object has not been sufficiently tested.

 

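
The failure mode discussed in this thread, as an added example that is not OpenSC code and not part of any post: a simplified C model in which a public key object derived from a certificate keeps a pointer to it, and the delete path detaches dependents so a later CKA_ID-style lookup fails cleanly instead of touching freed memory. All struct and function names (`cert_obj`, `pubkey_obj`, `delete_cert`, `pubkey_get_id`) are hypothetical, and the ID bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_OBJS 4
/* Hypothetical stand-ins for the framework objects; not OpenSC's own structs. */
struct cert_obj   { unsigned char id[4]; size_t id_len; };
struct pubkey_obj { struct cert_obj *parent_cert; };   /* key derived from a cert */
struct token { struct cert_obj *certs[MAX_OBJS]; struct pubkey_obj *pubkeys[MAX_OBJS]; };

/* Delete a cert; the detach loop is what prevents a dangling parent_cert. */
static void delete_cert(struct token *t, size_t idx) {
    struct cert_obj *c = t->certs[idx];
    if (!c) return;
    for (size_t i = 0; i < MAX_OBJS; i++)
        if (t->pubkeys[i] && t->pubkeys[i]->parent_cert == c)
            t->pubkeys[i]->parent_cert = NULL;
    free(c);
    t->certs[idx] = NULL;
}

/* CKA_ID-style lookup: ID length on success, -1 if the backing cert is gone. */
static int pubkey_get_id(const struct pubkey_obj *pk, unsigned char *out, size_t cap) {
    if (!pk || !pk->parent_cert || pk->parent_cert->id_len > cap) return -1;
    memcpy(out, pk->parent_cert->id, pk->parent_cert->id_len);
    return (int)pk->parent_cert->id_len;
}

/* Constructed scenario: one cert, one derived key, ID read before and after delete. */
static int demo(int *before, int *after) {
    struct token t = {0};
    unsigned char buf[4];
    t.certs[0]   = calloc(1, sizeof *t.certs[0]);
    t.pubkeys[0] = calloc(1, sizeof *t.pubkeys[0]);
    if (!t.certs[0] || !t.pubkeys[0]) { free(t.certs[0]); free(t.pubkeys[0]); return -1; }
    *t.certs[0] = (struct cert_obj){ {0x01, 0x02}, 2 };   /* constructed sample ID */
    t.pubkeys[0]->parent_cert = t.certs[0];
    *before = pubkey_get_id(t.pubkeys[0], buf, sizeof buf);
    delete_cert(&t, 0);
    *after = pubkey_get_id(t.pubkeys[0], buf, sizeof buf);
    free(t.pubkeys[0]);
    return 0;
}

int main(void) {
    int before = 0, after = 0;
    if (demo(&before, &after) != 0) return 1;
    printf("ID length before delete: %d, after delete: %d\n", before, after);
    return 0;
}
```

Building the model with `-fsanitize=address` and removing the detach loop makes the second lookup report a heap-use-after-free, which is a quicker way to pin down this class of bug than waiting for an occasional crash.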