Skip to content

C
core
Dal (branch)/etiket değiştir
Geçmiş Dosya bul
  • Stephan Bergmann's avatar
    xmlSecNssPKIAdoptKey apparently takes over ownership of keys · 23874f86
    Stephan Bergmann yazdı 
    (e.g., see xmlSecNssPKIKeyDataAdoptKey called from xmlSecNssPKIAdoptKey in
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c, which has

    if (ctx->privkey) {
        SECKEY_DestroyPrivateKey(ctx->privkey);
    }
    ctx->privkey = privkey;

to install the passed in new privkey as ctx->privkey, which is apparently
considered owned by ctx)

Presumably since ab7fabd8 "lok: update the test
for singing the document from LOK" changed the relevant test code,
CppunitTest_desktop_lib fails in ASan builds with

> ==16681==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d001a914a8 at pc 0x7f2af9afdf33 bp 0x7ffd59d3ccb0 sp 0x7ffd59d3cca8
> READ of size 4 at 0x61d001a914a8 thread T0
>  #0 in SECKEY_GetPrivateKeyType at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:1716:21 (instdir/program/libnss3.so +0x3c6f32)
>  #1 in xmlSecNssPKIAdoptKey at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:208:19 (instdir/program/libxsec_xmlsec.so +0x4026bc)
>  #2 in SecurityEnvironment_NssImpl::createKeysManager() at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:846:41 (instdir/program/libxsec_xmlsec.so +0x36a4ce)
>  #3 in XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:231:56 (instdir/program/libxsec_xmlsec.so +0x3ca23e)
>  #4 in non-virtual thunk to XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3cb1ca)
>  #5 in SignatureVerifierImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signatureverifierimpl.cxx:70:44 (instdir/program/libxmlsecurity.so +0x6da8a9)
>  #6 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e)
>  #7 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a)
>  #8 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853)
>  #9 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006)
>  #10 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591)
>  #11 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a)
>  #12 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c)
>  #13 in XSecParser::endElement(rtl::OUString const&) at xmlsecurity/source/helper/xsecparser.cxx:408:29 (instdir/program/libxmlsecurity.so +0x885bd6)
>  #14 in (anonymous namespace)::SaxExpatParser_Impl::callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:731:9 (instdir/program/libexpwraplo.so +0x1a0817)
>  #15 in (anonymous namespace)::call_callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:242:9 (instdir/program/libexpwraplo.so +0x199604)
>  #16 in doContent at workdir/UnpackedTarball/expat/lib/xmlparse.c:2954:11 (instdir/program/libexpwraplo.so +0x32fdf9)
>  #17 in contentProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:2531:27 (instdir/program/libexpwraplo.so +0x319c93)
>  #18 in doProlog at workdir/UnpackedTarball/expat/lib/xmlparse.c:4556:14 (instdir/program/libexpwraplo.so +0x313539)
>  #19 in prologProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:4270:10 (instdir/program/libexpwraplo.so +0x2ffcc8)
>  #20 in XML_ParseBuffer at workdir/UnpackedTarball/expat/lib/xmlparse.c:1983:25 (instdir/program/libexpwraplo.so +0x2fafbf)
>  #21 in (anonymous namespace)::SaxExpatParser_Impl::parse() at sax/source/expatwrap/sax_expat.cxx:654:27 (instdir/program/libexpwraplo.so +0x19a27e)
>  #22 in (anonymous namespace)::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/expatwrap/sax_expat.cxx:484:14 (instdir/program/libexpwraplo.so +0x192774)
>  #23 in XMLSignatureHelper::ReadAndVerifySignature(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:278:18 (instdir/program/libxmlsecurity.so +0x7dd825)
>  #24 in DocumentSignatureManager::read(bool, bool) at xmlsecurity/source/helper/documentsignaturemanager.cxx:549:31 (instdir/program/libxmlsecurity.so +0x743aaa)
>  #25 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:781:23 (instdir/program/libxmlsecurity.so +0x4855fc)
>  #26 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
>  #27 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab)
>  #28 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af)
>  #29 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
>
> 0x61d001a914a8 is located 40 bytes inside of 2048-byte region [0x61d001a91480,0x61d001a91c80)
> freed by thread T0 here:
>  #0 in free at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3 (workdir/LinkTarget/Executable/cppunittester +0x4feda8)
>  #1 in PR_Free at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:458:9 (instdir/program/libnspr4.so +0x12c5af)
>  #2 in FreeArenaList at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:195:9 (instdir/program/libplds4.so +0xcc36)
>  #3 in PL_FreeArenaPool at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:216:5 (instdir/program/libplds4.so +0xcd9d)
>  #4 in PORT_FreeArena_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:383:9 (instdir/program/libnssutil3.so +0x103381)
>  #5 in SECKEY_DestroyPrivateKey at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:250:13 (instdir/program/libnss3.so +0x3baa05)
>  #6 in xmlSecNSSPKIKeyDataCtxFree at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:109:9 (instdir/program/libxsec_xmlsec.so +0x4093a3)
>  #7 in xmlSecNssPKIKeyDataFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:99:5 (instdir/program/libxsec_xmlsec.so +0x417a61)
>  #8 in xmlSecNssKeyDataRsaFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:1086:5 (instdir/program/libxsec_xmlsec.so +0x419214)
>  #9 in xmlSecKeyDataDestroy at workdir/UnpackedTarball/xmlsec/src/keysdata.c:248:9 (instdir/program/libxsec_xmlsec.so +0x5213f4)
>  #10 in xmlSecKeyEmpty at workdir/UnpackedTarball/xmlsec/src/keys.c:533:9 (instdir/program/libxsec_xmlsec.so +0x518026)
>  #11 in xmlSecKeyDestroy at workdir/UnpackedTarball/xmlsec/src/keys.c:555:5 (instdir/program/libxsec_xmlsec.so +0x51838a)
>  #12 in xmlSecPtrListEmpty at workdir/UnpackedTarball/xmlsec/src/list.c:149:17 (instdir/program/libxsec_xmlsec.so +0x54943a)
>  #13 in xmlSecPtrListFinalize at workdir/UnpackedTarball/xmlsec/src/list.c:129:5 (instdir/program/libxsec_xmlsec.so +0x548b87)
>  #14 in xmlSecSimpleKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:663:5 (instdir/program/libxsec_xmlsec.so +0x5432b0)
>  #15 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c)
>  #16 in xmlSecNssKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/nss/keysstore.c:276:5 (instdir/program/libxsec_xmlsec.so +0x485f76)
>  #17 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c)
>  #18 in xmlSecKeysMngrDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:84:9 (instdir/program/libxsec_xmlsec.so +0x539a79)
>  #19 in SecurityEnvironment_NssImpl::destroyKeysManager(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:862:9 (instdir/program/libxsec_xmlsec.so +0x36a817)
>  #20 in std::default_delete<_xmlSecKeysMngr>::operator()(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:52:46 (instdir/program/libxsec_xmlsec.so +0x3cd05d)
>  #21 in std::unique_ptr<_xmlSecKeysMngr, std::default_delete<_xmlSecKeysMngr> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libxsec_xmlsec.so +0x3cc759)
>  #22 in XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:173:1 (instdir/program/libxsec_xmlsec.so +0x3c8934)
>  #23 in non-virtual thunk to XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3c8b9a)
>  #24 in SignatureCreatorImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signaturecreatorimpl.cxx:78:44 (instdir/program/libxmlsecurity.so +0x6be738)
>  #25 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e)
>  #26 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a)
>  #27 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853)
>  #28 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006)
>  #29 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591)
>  #30 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a)
>  #31 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c)
>  #32 in XSecController::exportSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, SignatureInformation const&, bool) at xmlsecurity/source/helper/xsecctl.cxx:916:23 (instdir/program/libxmlsecurity.so +0x868894)
>  #33 in XSecController::WriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xsecsign.cxx:393:17 (instdir/program/libxmlsecurity.so +0x894df1)
>  #34 in XMLSignatureHelper::CreateAndWriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:248:29 (instdir/program/libxmlsecurity.so +0x7dcebe)
>  #35 in DocumentSignatureManager::add(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&, rtl::OUString const&, int&, bool, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&) at xmlsecurity/source/helper/documentsignaturemanager.cxx:422:27 (instdir/program/libxmlsecurity.so +0x74032e)
>  #36 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:777:39 (instdir/program/libxmlsecurity.so +0x48541a)
>  #37 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
>  #38 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab)
>  #39 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af)
>  #40 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
>
> previously allocated by thread T0 here:
>  #0 in __interceptor_malloc at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3 (workdir/LinkTarget/Executable/cppunittester +0x4ff187)
>  #1 in PR_Malloc at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:435:55 (instdir/program/libnspr4.so +0x12892c)
>  #2 in PL_ArenaAllocate at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:127:27 (instdir/program/libplds4.so +0x9c8f)
>  #3 in PORT_ArenaAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:321:9 (instdir/program/libnssutil3.so +0x1028c3)
>  #4 in PORT_ArenaZAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:342:9 (instdir/program/libnssutil3.so +0x10311f)
>  #5 in PK11_MakePrivKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11akey.c:865:9 (instdir/program/libnss3.so +0x3f6529)
>  #6 in PK11_ImportAndReturnPrivateKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:538:18 (instdir/program/libnss3.so +0x4ebcac)
>  #7 in PK11_ImportPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:645:10 (instdir/program/libnss3.so +0x4dea0c)
>  #8 in PK11_ImportDERPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:299:10 (instdir/program/libnss3.so +0x4ddba8)
>  #9 in SecurityEnvironment_NssImpl::insertPrivateKey(com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:883:25 (instdir/program/libxsec_xmlsec.so +0x36ac38)
>  #10 in SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:897:37 (instdir/program/libxsec_xmlsec.so +0x36afe6)
>  #11 in non-virtual thunk to SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x36b49a)
>  #12 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3685:41 (instdir/program/libsofficeapp.so +0x7a3ea3)
>  #13 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)

Change-Id: Id54bdea78affbf3aa24a1e9bb565c46f48f512e6
Reviewed-on: https://gerrit.libreoffice.org/62914
Tested-by: Jenkins
Reviewed-by: 's avatarStephan Bergmann <sbergman@redhat.com>
    23874f86
Adı
Son kayıt (commit)
 Son güncelleme
..
certerrors.h Loading commit data...
ciphercontext.cxx Loading commit data...
ciphercontext.hxx Loading commit data...
digestcontext.cxx Loading commit data...
digestcontext.hxx Loading commit data...
nssinitializer.cxx Loading commit data...
nssinitializer.hxx Loading commit data...
nssrenam.h Loading commit data...
sanextension_nssimpl.cxx Loading commit data...
sanextension_nssimpl.hxx Loading commit data...
secerror.cxx Loading commit data...
secerror.hxx Loading commit data...
securityenvironment_nssimpl.cxx Loading commit data...
securityenvironment_nssimpl.hxx Loading commit data...
seinitializer_nssimpl.cxx Loading commit data...
seinitializer_nssimpl.hxx Loading commit data...
x509certificate_nssimpl.cxx Loading commit data...
x509certificate_nssimpl.hxx Loading commit data...
xmlsecuritycontext_nssimpl.cxx Loading commit data...
xmlsignature_nssimpl.cxx Loading commit data...