Hi all,
there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV when via PKCS#11 a certificate object is deleted, but not the related public key object. Occasionally this triggers a SIGV when the caller later accesses the CKA_ID attribute which tries to access the then deleted certificate object. Is there any expert on the list that has intimate knowledge of the framework code that could take a look at it ? Andreas -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Andreas Schwier (ML) wrote:
> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV > when via PKCS#11 a certificate object is deleted, but not the related > public key object. > > Occasionally this triggers a SIGV when the caller later accesses the > CKA_ID attribute which tries to access the then deleted certificate object. > > Is there any expert on the list that has intimate knowledge of the > framework code that could take a look at it ? Please send a backtrace. Build the program with debugging, run the program with gdb --args program, then type bt after the crash. Post output. //Peter _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Hi Peter,
I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare. Andreas Am 27.09.2012 11:25, schrieb Peter Stuge: > Andreas Schwier (ML) wrote: >> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV >> when via PKCS#11 a certificate object is deleted, but not the related >> public key object. >> >> Occasionally this triggers a SIGV when the caller later accesses the >> CKA_ID attribute which tries to access the then deleted certificate object. >> >> Is there any expert on the list that has intimate knowledge of the >> framework code that could take a look at it ? > Please send a backtrace. > > Build the program with debugging, run the program with gdb --args > program, then type bt after the crash. Post output. > > > //Peter > _______________________________________________ > opensc-devel mailing list > [hidden email] > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Andreas Schwier wrote:
> I will first need to write a small test in C to reproduce the problem. > Right now we test from Java, which makes debugging a real nightmare. Maybe you can reproduce it using some of the existing command line tools? //Peter _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge <[hidden email]> wrote:
It can be reproduced, using command # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin "1234" --delete-object --type cert --id <object-id>
and patched pkcs11-tool: diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c
@@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal("You should specify at least one of the " "object ID, object label, application label or application ID\n");
delete_object(session); + + printf("Now list public keys ...\n"); + list_objects(session, CKO_PUBLIC_KEY); }
if (do_set_id) { I will look for the solution.
_______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Just tried the same.
There is also a SIGV if you try to delete the public key alone. Apparently the public key object in the framework has no related object in the pkcs15 layer. Andreas Am 27.09.2012 13:04, schrieb Viktor Tarasov: > > > On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge <[hidden email] > <mailto:[hidden email]>> wrote: > > Andreas Schwier wrote: > > I will first need to write a small test in C to reproduce the > problem. > > Right now we test from Java, which makes debugging a real nightmare. > > Maybe you can reproduce it using some of the existing command line > tools? > > > It can be reproduced, using command > # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l > --pin "1234" --delete-object --type cert --id <object-id> > > and patched pkcs11-tool: > diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c > index f23948b..30074d8 100644 > --- a/src/tools/pkcs11-tool.c > +++ b/src/tools/pkcs11-tool.c > @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) > util_fatal("You should specify at least one > of the " > "object ID, object label, > application label or application ID\n"); > delete_object(session); > + > + printf("Now list public keys ...\n"); > + list_objects(session, CKO_PUBLIC_KEY); > } > > if (do_set_id) { > > > I will look for the solution. > > > > //Peter > _______________________________________________ > opensc-devel mailing list > [hidden email] > <mailto:[hidden email]> > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > > > _______________________________________________ > opensc-devel mailing list > [hidden email] > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
On Thu, Sep 27, 2012 at 1:13 PM, Andreas Schwier <[hidden email]> wrote: Just tried the same. Public key PKCS#11 object is created from certificate if there is no corresponding PKCS#15 public key object.
As we see, the deletion of the 'parent' cert object has not been sufficiently tested.
_______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Free forum by Nabble | Edit this page |