Bug 99795 - trust: trust/pem.c:277: p11_pem_write: Assertion `len > 0' failed
Summary: trust: trust/pem.c:277: p11_pem_write: Assertion `len > 0' failed
Status: RESOLVED FIXED
Alias: None
Product: p11-glue
Classification: Unclassified
Component: p11-kit (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Stef Walter
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-13 13:54 UTC by Kai Engert
Modified: 2017-02-14 13:33 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Kai Engert 2017-02-13 13:54:40 UTC 
I see a crash with p11-kit HEAD from github (at fd9b5c19485e2b88150696b523d889df2ed41cba )

I did the following on a fedora 25 system, with the released contents of the ca-certificate package.

./autogen.sh --prefix=/home/kaie/local/p11-kit --disable-static --with-trust-paths=/etc/pki/ca-trust/source:/usr/pki/ca-trust-source --disable-silent-rules

make; make install

I set PATH and LD_LIBRARY_PATH to point to my local install.
Then I ran a command, which is equivalent to what Fedora's update-ca-trust runs:

cd /tmp
p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth /tmp/test.pem

I get:
trust: trust/pem.c:277: p11_pem_write: Assertion `len > 0' failed.
Aborted (core dumped)


stack:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007ffff6ee051a in __GI_abort () at abort.c:89
#2  0x00007ffff6ed6da7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x41839e "len > 0", file=file@entry=0x418323 "trust/pem.c", line=line@entry=277, function=function@entry=0x4183c0 <__PRETTY_FUNCTION__.4506> "p11_pem_write") at assert.c:92
#3  0x00007ffff6ed6e52 in __GI___assert_fail (assertion=assertion@entry=0x41839e "len > 0", file=file@entry=0x418323 "trust/pem.c", line=line@entry=277, function=function@entry=0x4183c0 <__PRETTY_FUNCTION__.4506> "p11_pem_write") at assert.c:101
#4  0x000000000040e3f0 in p11_pem_write (contents=0x0, length=0, type=type@entry=0x414e7f "CERTIFICATE", buf=buf@entry=0x7fffffffd880) at trust/pem.c:277
#5  0x000000000040bcb5 in p11_extract_pem_bundle (ex=0x7fffffffd8e0, destination=<optimized out>) at trust/extract-pem.c:69
#6  0x000000000040a059 in p11_trust_extract (argc=1, argv=0x7fffffffdca8) at trust/extract.c:288
#7  0x00007ffff6ec9401 in __libc_start_main (main=0x402d20 <main>, argc=8, argv=0x7fffffffdc78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdc68) at ../csu/libc-start.c:289
#8  0x0000000000402d5a in _start ()
Comment 1 Kai Engert 2017-02-13 13:57:46 UTC 
There was a small typo in the trust-paths parameter, the correct second path is /usr/share/pki/ca-trust-source

I changed that, but I still get the same assertion failure.
Comment 2 Kai Engert 2017-02-13 14:09:14 UTC 
Doesn't have the bug:
https://github.com/p11-glue/p11-kit/commit/9bb1613011370b00c7b561d7de30c205a246a586

Has the bug:
https://github.com/p11-glue/p11-kit/commit/cfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716

The regression was introduced by one of the 5 commits from Jan 31 to the trust command code.
Comment 3 Kai Engert 2017-02-13 14:11:23 UTC 
This is the first commit that has the regression:
https://github.com/p11-glue/p11-kit/commit/f4384a40657e6abde6658ac7600abb879818b493
Comment 4 Daiki Ueno 2017-02-13 15:45:32 UTC 
Thank you for the report and analysis.  I have provided a patch in:
https://github.com/p11-glue/p11-kit/pull/47

(There should be some tests for the 'trust' command, but anyway.)
Comment 5 Daiki Ueno 2017-02-14 13:33:18 UTC 
Pushed to the git master.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.