[opensc-devel] SIGV when deleting certificate but not related public key
Hi all,

there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV when via PKCS#11 a certificate object is deleted, but not the related public key object. Occasionally this triggers a SIGV when the caller later accesses the CKA_ID attribute which tries to access the then deleted certificate object.

Is there any expert on the list that has intimate knowledge of the framework code that could take a look at it?

Andreas

--
CardContact Software System Consulting
Andreas Schwier
Schülerweg 38
32429 Minden, Germany
Phone +49 571 56149
http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Hi Peter,

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Andreas

On 27.09.2012 11:25, Peter Stuge wrote:
> Andreas Schwier (ML) wrote:
>> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV when via PKCS#11 a certificate object is deleted, but not the related public key object. Occasionally this triggers a SIGV when the caller later accesses the CKA_ID attribute which tries to access the then deleted certificate object.
>>
>> Is there any expert on the list that has intimate knowledge of the framework code that could take a look at it?
>
> Please send a backtrace. Build the program with debugging, run the program with gdb --args program, then type bt after the crash. Post output.
>
> //Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Andreas Schwier wrote:
> I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line tools?

//Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:
> Andreas Schwier wrote:
>> I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.
>
> Maybe you can reproduce it using some of the existing command line tools?

It can be reproduced, using command
# pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id
and patched pkcs11-tool:
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {
I will look for the solution.

> //Peter
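Review bot: the added printf and list_objects(session, CKO_PUBLIC_KEY) calls sit directly after delete_object(session) with no condition of their own, so they run on every --delete-object invocation whatever --type was given, and the tool's normal output changes for all deletions. If the listing is meant to stay in the tool, gate it on the deleted object being a certificate or put it behind a separate option; if it is only a reproducer, add a comment saying so next to the two new lines so it is not merged by accident.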
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Just tried the same. There is also a SIGV if you try to delete the public key alone. Apparently the public key object in the framework has no related object in the pkcs15 layer.

Andreas

On 27.09.2012 13:04, Viktor Tarasov wrote:
> On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:
>> Andreas Schwier wrote:
>>> I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.
>>
>> Maybe you can reproduce it using some of the existing command line tools?
>
> It can be reproduced, using command
> # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id
> and patched pkcs11-tool:
> diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {
> I will look for the solution.
>
>> //Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
On Thu, Sep 27, 2012 at 1:13 PM, Andreas Schwier andreas.schw...@cardcontact.de wrote:
> Just tried the same. There is also a SIGV if you try to delete the public key alone. Apparently the public key object in the framework has no related object in the pkcs15 layer.

Public key PKCS#11 object is created from certificate if there is no corresponding PKCS#15 public key object.
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L544

As we see, the deletion of the 'parent' cert object has not been sufficiently tested.

> Andreas
>
> On 27.09.2012 13:04, Viktor Tarasov wrote:
>> On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:
>>> Andreas Schwier wrote:
>>>> I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.
>>>
>>> Maybe you can reproduce it using some of the existing command line tools?
>>
>> It can be reproduced, using command
>> # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id
>> and patched pkcs11-tool:
>> diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c
>> @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {
>> I will look for the solution.
>>
>>> //Peter
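The failure mode discussed in this thread, modelled as an added example (not OpenSC code and not written by any poster): a public key object borrows a pointer to the certificate it was derived from, and a delete that leaves that pointer dangling is shown beside one that unlinks dependents first. All struct names, function names and the error code are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_KEYS 4
#define ERR_OBJECT_GONE (-1)  /* stand-in for an "object invalid" return code */

/* Constructed model, not OpenSC's structures: a public key object derived
 * from a certificate borrows the certificate's data to answer ID queries. */
struct cert   { unsigned char id[8]; size_t id_len; };
struct pubkey { struct cert *from_cert; };
struct slot   { struct pubkey *keys[MAX_KEYS]; };

/* ID getter: reports an error for a cleared link instead of following it. */
int pubkey_get_id(const struct pubkey *pk, unsigned char *out, size_t cap, size_t *len)
{
    if (pk == NULL || pk->from_cert == NULL || pk->from_cert->id_len > cap)
        return ERR_OBJECT_GONE;
    memcpy(out, pk->from_cert->id, pk->from_cert->id_len);
    *len = pk->from_cert->id_len;
    return 0;
}

/* Flawed delete: frees the certificate but leaves derived keys pointing at
 * it, so a later pubkey_get_id() reads freed memory. Shown for contrast. */
void cert_delete_unsafe(struct cert *c) { free(c); }

/* Hardened delete: clear every dependent link first, then free. */
void cert_delete_safe(struct slot *s, struct cert *c)
{
    for (int i = 0; i < MAX_KEYS; i++)
        if (s->keys[i] != NULL && s->keys[i]->from_cert == c)
            s->keys[i]->from_cert = NULL;
    free(c);
}

/* Delete-then-read on the hardened path; returns the getter's final status. */
int demo_delete_then_read(void)
{
    struct cert *c = calloc(1, sizeof *c);
    struct pubkey pk = { c };
    struct slot s = { { &pk } };
    unsigned char id[8]; size_t len = 0;
    if (c == NULL) return -2;
    memcpy(c->id, "\x01\x02", 2);  /* constructed sample ID */
    c->id_len = 2;
    if (pubkey_get_id(&pk, id, sizeof id, &len) != 0 || len != 2) return -3;
    cert_delete_safe(&s, c);
    return pubkey_get_id(&pk, id, sizeof id, &len);
}
```

Building a reproducer like this with AddressSanitizer (-fsanitize=address) and swapping in cert_delete_unsafe turns the occasional crash into a deterministic report at the first read after the delete.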