Control: tags 924050 + upstream fixed-upstream patch
Dear Maintainer, I tried to reproduce this crash and got one with this example file [1]. Because the submitter's original file is not available, this crash might be a different one. However, the following crash has already been fixed upstream [2][3], and the fix was released in poppler 0.72.0. The upstream patch needed a slight modification. A poppler package built with that patch shows the signature information successfully. Kind regards, Bernhard [1] https://blogs.adobe.com/security/SampleSignedPDFDocument.pdf [2] https://gitlab.freedesktop.org/poppler/poppler/issues/669 [3] https://gitlab.freedesktop.org/poppler/poppler/commit/a85c2ed8f4359341adb94887c4b551a761244fdb (gdb) bt #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule (module=0x0) at pk11util.c:847 #1 0x00007f33db0d21fc in SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:541 #2 SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:519 #3 0x00007f33db0d22a0 in SECMOD_AddNewModuleEx (moduleName=0x7f33dbcfce7d "Root Certs", dllPath=0x7f33dbcfce6f "libnssckbi.so", defaultMechanismFlags=0, cipherEnableFlags=0, modparms=<optimized out>, nssparms=<optimized out>) at pk11util.c:695 #4 0x00007f33dbcb1199 in SignatureHandler::SignatureHandler (this=0x7ffe927d1830, p7=0x5648cf9bed80 "0\202&\341\006\t*\206H\206\367\r\001\a\002\240\202&\322\060\202&\316\002\001\001\061\v0\t\006\005+\016\003\002\032\005", p7_length=10971) at ./poppler/SignatureHandler.cc:136 #5 0x00007f33dbbabb16 in FormFieldSignature::validateSignature (forceRevalidation=<optimized out>, validationTime=-1, doVerifyCert=true, this=0x5648cf99b7f0) at ./poppler/Form.cc:1722 #6 FormFieldSignature::validateSignature (this=0x5648cf99b7f0, doVerifyCert=<optimized out>, forceRevalidation=<optimized out>, validationTime=-1) at ./poppler/Form.cc:1689 #7 0x00005648ceee7a5d in main (argc=<optimized out>, argv=<optimized out>) at /usr/include/c++/8/bits/stl_vector.h:979
>From a85c2ed8f4359341adb94887c4b551a761244fdb Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aa...@kde.org> Date: Sat, 17 Nov 2018 19:29:16 +0100 Subject: [PATCH] Be more stubborn looking for a nssdb Fixes issue #669 (Bernhard Ãbelacker: Adapted to match debian package 0.71.0, https://bugs.debian.org/924050 ) --- poppler/SignatureHandler.cc | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index a98e3f7..a49d34a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -114,10 +114,19 @@ GooString *SignatureHandler::getDefaultFirefoxCertDB_Linux()
 void SignatureHandler::init_nss()
 {
 GooString *certDBPath = getDefaultFirefoxCertDB_Linux();
+ bool initSuccess = false;
 if (certDBPath == nullptr) {
- NSS_Init("sql:/etc/pki/nssdb");
+ initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
 } else {
- NSS_Init(certDBPath->getCString());
+ initSuccess = (NSS_Init(certDBPath->getCString()) == SECSuccess);
+ }
+ if (!initSuccess) {
+ GooString homeNssDb(getenv("HOME"));
+ homeNssDb.append("/.pki/nssdb");
+ initSuccess = (NSS_Init(homeNssDb.getCString()) == SECSuccess);
+ if (!initSuccess) {
+ NSS_NoDB_Init(nullptr);
+ }
 }
 //Make sure NSS root certificates module is loaded
 SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
-- 2.20.1
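Review bot: The result of `NSS_NoDB_Init(nullptr)` in the last fallback is not checked, so if that call also fails the function still reaches `SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0)` with NSS uninitialised, which looks like the state behind the `SECMOD_ReferenceModule (module=0x0)` frame in the backtrace on this page. I would record the result with `initSuccess = (NSS_NoDB_Init(nullptr) == SECSuccess);` and guard the module load with `if (initSuccess)`, so that a total initialisation failure is reported instead of dereferencing a null default module. `getenv("HOME")` may return a null pointer; whether `GooString` accepts that is not visible in the hunk, and even if it does the lookup silently becomes `/.pki/nssdb`, so that fallback should be skipped when HOME is unset. A comment stating that the no-DB fallback validates certificates without any user or system trust database would also help readers of the validation output. The same points apply to the upstream copy of this hunk quoted later in the transcript (the `c_str()` variant), and init_nss() continues past the end of the hunk.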
# Buster amd64 qemu VM 2019-03-22 apt update apt dist-upgrade apt install dpkg-dev devscripts systemd-coredump poppler-utils gdb poppler-utils-dbgsym libpoppler82-dbgsym libnss3-dbgsym mc apt build-dep poppler wget https://blogs.adobe.com/security/SampleSignedPDFDocument.pdf /usr/bin/pdfsig SampleSignedPDFDocument.pdf mkdir /tmp/source/libnss3/orig -p cd /tmp/source/libnss3/orig apt source libnss3 cd mkdir /tmp/source/poppler/orig -p cd /tmp/source/poppler/orig apt source poppler cd set width 0 set pagination off directory /tmp/source/libnss3/orig/nss-3.42.1/nss/lib/pk11wrap bt ########## benutzer@debian:~$ /usr/bin/pdfsig SampleSignedPDFDocument.pdf Digital Signature Info of: SampleSignedPDFDocument.pdf Internal Error (0): couldn't find default Firefox Folder Speicherzugriffsfehler (Speicherabzug geschrieben) [ 168.783249] pdfsig[14900]: segfault at 38 ip 00007f33db0d1c84 sp 00007ffe927d1750 error 4 in libnss3.so[7f33db08c000+f0000] [ 168.783259] Code: b2 a5 fb ff 48 85 c0 74 0f 48 c7 00 00 00 00 00 48 c7 40 08 00 00 00 00 48 83 c4 08 c3 66 0f 1f 84 00 00 00 00 00 53 48 89 fb <48> 8b 7f 38 e8 f3 bb fb ff 83 43 40 01 48 8b 7b 38 e8 66 c9 fb ff root@debian:~# coredumpctl list TIME PID UID GID SIG COREFILE EXE Fri 2019-03-22 22:50:23 CET 14900 1000 1000 11 present /usr/bin/pdfsig root@debian:~# coredumpctl gdb 14900 PID: 14900 (pdfsig) UID: 1000 (benutzer) GID: 1000 (benutzer) Signal: 11 (SEGV) Timestamp: Fri 2019-03-22 22:50:23 CET (1min 41s ago) Command Line: /usr/bin/pdfsig SampleSignedPDFDocument.pdf Executable: /usr/bin/pdfsig Control Group: /user.slice/user-1000.slice/session-3.scope Unit: session-3.scope Slice: user-1000.slice Session: 3 Owner UID: 1000 (benutzer) Boot ID: 50d2a12e8a2f4f90a67993fe31495b4b Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811 Hostname: debian Storage: /var/lib/systemd/coredump/core.pdfsig.1000.50d2a12e8a2f4f90a67993fe31495b4b.14900.1553291423000000.lz4 Message: Process 14900 (pdfsig) of user 1000 dumped core. 
Stack trace of thread 14900: #0 0x00007f33db0d1c84 SECMOD_ReferenceModule (libnss3.so) #1 0x00007f33db0d21fc n/a (libnss3.so) #2 0x00007f33db0d22a0 SECMOD_AddNewModuleEx (libnss3.so) #3 0x00007f33dbcb1199 _ZN16SignatureHandlerC2EPhi (libpoppler.so.82) #4 0x00007f33dbbabb16 _ZN18FormFieldSignature17validateSignatureEbbl (libpoppler.so.82) #5 0x00005648ceee7a5d main (pdfsig) #6 0x00007f33db77009b __libc_start_main (libc.so.6) #7 0x00005648ceee7f4a _start (pdfsig) GNU gdb (Debian 8.2.1-2) 8.2.1 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/bin/pdfsig...(no debugging symbols found)...done. [New LWP 14900] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/usr/bin/pdfsig SampleSignedPDFDocument.pdf'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule () from /usr/lib/x86_64-linux-gnu/libnss3.so (gdb) bt #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule () from /usr/lib/x86_64-linux-gnu/libnss3.so #1 0x00007f33db0d21fc in ?? 
() from /usr/lib/x86_64-linux-gnu/libnss3.so #2 0x00007f33db0d22a0 in SECMOD_AddNewModuleEx () from /usr/lib/x86_64-linux-gnu/libnss3.so #3 0x00007f33dbcb1199 in SignatureHandler::SignatureHandler(unsigned char*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.82 #4 0x00007f33dbbabb16 in FormFieldSignature::validateSignature(bool, bool, long) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.82 #5 0x00005648ceee7a5d in main () root@debian:~# dpkg -S /usr/lib/x86_64-linux-gnu/libpoppler.so.82 libpoppler82:amd64: /usr/lib/x86_64-linux-gnu/libpoppler.so.82 root@debian:~# dpkg -S /usr/lib/x86_64-linux-gnu/libnss3.so libnss3:amd64: /usr/lib/x86_64-linux-gnu/libnss3.so Core was generated by `/usr/bin/pdfsig SampleSignedPDFDocument.pdf'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule (module=0x0) at pk11util.c:847 847 pk11util.c: Datei oder Verzeichnis nicht gefunden. (gdb) set width 0 (gdb) set pagination off (gdb) directory /tmp/source/libnss3/orig/nss-3.42.1/nss/lib/pk11wrap Source directories searched: /tmp/source/libnss3/orig/nss-3.42.1/nss/lib/pk11wrap:$cdir:$cwd (gdb) bt #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule (module=0x0) at pk11util.c:847 #1 0x00007f33db0d21fc in SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:541 #2 SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:519 #3 0x00007f33db0d22a0 in SECMOD_AddNewModuleEx (moduleName=0x7f33dbcfce7d "Root Certs", dllPath=0x7f33dbcfce6f "libnssckbi.so", defaultMechanismFlags=0, cipherEnableFlags=0, modparms=<optimized out>, nssparms=<optimized out>) at pk11util.c:695 #4 0x00007f33dbcb1199 in SignatureHandler::SignatureHandler (this=0x7ffe927d1830, p7=0x5648cf9bed80 "0\202&\341\006\t*\206H\206\367\r\001\a\002\240\202&\322\060\202&\316\002\001\001\061\v0\t\006\005+\016\003\002\032\005", p7_length=10971) at ./poppler/SignatureHandler.cc:136 #5 0x00007f33dbbabb16 in FormFieldSignature::validateSignature (forceRevalidation=<optimized 
out>, validationTime=-1, doVerifyCert=true, this=0x5648cf99b7f0) at ./poppler/Form.cc:1722 #6 FormFieldSignature::validateSignature (this=0x5648cf99b7f0, doVerifyCert=<optimized out>, forceRevalidation=<optimized out>, validationTime=-1) at ./poppler/Form.cc:1689 #7 0x00005648ceee7a5d in main (argc=<optimized out>, argv=<optimized out>) at /usr/include/c++/8/bits/stl_vector.h:979 (gdb) bt full #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule (module=0x0) at pk11util.c:847 No locals. #1 0x00007f33db0d21fc in SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:541 rv = SECSuccess oldModule = <optimized out> rv = <optimized out> oldModule = <optimized out> #2 SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:519 rv = <optimized out> oldModule = <optimized out> #3 0x00007f33db0d22a0 in SECMOD_AddNewModuleEx (moduleName=0x7f33dbcfce7d "Root Certs", dllPath=0x7f33dbcfce6f "libnssckbi.so", defaultMechanismFlags=0, cipherEnableFlags=0, modparms=<optimized out>, nssparms=<optimized out>) at pk11util.c:695 module = 0x5648cf9cdd40 result = SECFailure s = <optimized out> i = <optimized out> slot = <optimized out> #4 0x00007f33dbcb1199 in SignatureHandler::SignatureHandler (this=0x7ffe927d1830, p7=0x5648cf9bed80 "0\202&\341\006\t*\206H\206\367\r\001\a\002\240\202&\322\060\202&\316\002\001\001\061\v0\t\006\005+\016\003\002\032\005", p7_length=10971) at ./poppler/SignatureHandler.cc:136 No locals. 
#5 0x00007f33dbbabb16 in FormFieldSignature::validateSignature (forceRevalidation=<optimized out>, validationTime=-1, doVerifyCert=true, this=0x5648cf99b7f0) at ./poppler/Form.cc:1722 arrayLen = 4 sig_val_state = <optimized out> cert_val_state = <optimized out> signature_handler = {hash_length = 3483022560, CMSitem = {type = 2457671968, data = 0x2 <error: Cannot access memory at address 0x2>, len = 3482956816}, hash_context = 0x0, CMSMessage = 0x0, CMSSignedData = 0x0, CMSSignerInfo = 0x0, temp_certs = 0x0} fileLength = <optimized out> signature_len = 10971 signatureuchar = <optimized out> arrayLen = <optimized out> sig_val_state = <optimized out> cert_val_state = <optimized out> signature_len = <optimized out> signatureuchar = <optimized out> signature_handler = <optimized out> fileLength = <optimized out> i = <optimized out> offsetObj = <optimized out> lenObj = <optimized out> offset = <optimized out> len = <optimized out> #6 FormFieldSignature::validateSignature (this=0x5648cf99b7f0, doVerifyCert=<optimized out>, forceRevalidation=<optimized out>, validationTime=-1) at ./poppler/Form.cc:1689 arrayLen = <optimized out> sig_val_state = <optimized out> cert_val_state = <optimized out> signature_len = <optimized out> signatureuchar = <optimized out> signature_handler = <optimized out> fileLength = <optimized out> i = <optimized out> offsetObj = <optimized out> lenObj = <optimized out> offset = <optimized out> len = <optimized out> #7 0x00005648ceee7a5d in main (argc=<optimized out>, argv=<optimized out>) at /usr/include/c++/8/bits/stl_vector.h:979 ranges = std::vector of length 1, capacity 1 = {94870720603936} i = 0 doc = 0x5648cf99b410 sigCount = 1 fileName = 0x5648cf99b360 sig_info = <optimized out> time_str = <optimized out> sig_widgets = Python Exception <class 'gdb.error'> value has been optimized out: win32Console = <optimized out> exitCode = 99 ok = <optimized out> (gdb) down #0 0x00007f33db0d1c84 in SECMOD_ReferenceModule (module=0x0) at pk11util.c:847 847 
PZ_Lock(module->refLock); (gdb) list pk11util.c:841,848 841 /* 842 * make a new reference to a module so It doesn't go away on us 843 */ 844 SECMODModule * 845 SECMOD_ReferenceModule(SECMODModule *module) 846 { 847 PZ_Lock(module->refLock); <<<<<<<<<< 848 PORT_Assert(module->refCount > 0); (gdb) print module $1 = (SECMODModule *) 0x0 (gdb) up #1 0x00007f33db0d21fc in SECMOD_AddModule (newModule=0x5648cf9cdd40) at pk11util.c:541 541 newModule->parent = SECMOD_ReferenceModule(defaultDBModule); (gdb) list pk11util.c:518,542 518 SECStatus 519 SECMOD_AddModule(SECMODModule *newModule) 520 { 521 SECStatus rv; 522 SECMODModule *oldModule; 523 524 /* Test if a module w/ the same name already exists */ 525 /* and return SECWouldBlock if so. */ 526 /* We should probably add a new return value such as */ 527 /* SECDublicateModule, but to minimize ripples, I'll */ 528 /* give SECWouldBlock a new meaning */ 529 if ((oldModule = SECMOD_FindModule(newModule->commonName)) != NULL) { 530 SECMOD_DestroyModule(oldModule); 531 return SECWouldBlock; 532 /* module already exists. 
*/ 533 } 534 535 rv = secmod_LoadPKCS11Module(newModule, NULL); 536 if (rv != SECSuccess) { 537 return rv; 538 } 539 540 if (newModule->parent == NULL) { 541 newModule->parent = SECMOD_ReferenceModule(defaultDBModule); <<<<<<<<<<< 542 } (gdb) print defaultDBModule $2 = (SECMODModule *) 0x0 root@debian:~# dpkg -l | grep poppler ii libpoppler82:amd64 0.71.0-3 amd64 PDF rendering library ii libpoppler82-dbgsym:amd64 0.71.0-3 amd64 debug symbols for libpoppler82 ii poppler-data 0.4.9-2 all encoding data for the poppler PDF rendering library ii poppler-utils 0.71.0-3 amd64 PDF utilities (based on Poppler) ii poppler-utils-dbgsym 0.71.0-3 amd64 debug symbols for poppler-utils root@debian:~# dpkg -l | grep nss3 ii libnss3:amd64 2:3.42.1-1 amd64 Network Security Service libraries ii libnss3-dbgsym 2:3.42.1-1 amd64 debug symbols for libnss3 #################### https://gitlab.freedesktop.org/poppler/poppler/issues/669 https://gitlab.freedesktop.org/poppler/poppler/commit/a85c2ed8f4359341adb94887c4b551a761244fdb cd /tmp/source/poppler cp -a orig try1 cd try1/poppler-0.71.0 wget https://gitlab.freedesktop.org/poppler/poppler/commit/a85c2ed8f4359341adb94887c4b551a761244fdb.patch -O ../a85c2ed8f4359341adb94887c4b551a761244fdb.patch patch -p1 --dry-run < ../a85c2ed8f4359341adb94887c4b551a761244fdb.patch #checking file poppler/SignatureHandler.cc #Hunk #1 FAILED at 114. #1 out of 1 hunk FAILED git init git add . git commit -m "Initial commit" benutzer@debian:/tmp/source/poppler/try1/poppler-0.71.0$ cat ../a85c2ed8f4359341adb94887c4b551a761244fdb.patch From a85c2ed8f4359341adb94887c4b551a761244fdb Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aa...@kde.org> Date: Sat, 17 Nov 2018 19:29:16 +0100 Subject: [PATCH] Be more stubborn looking for a nssdb Fixes issue #669 --- poppler/SignatureHandler.cc | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index aedccf7a..6c510229 100644 
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -114,10 +114,19 @@ GooString *SignatureHandler::getDefaultFirefoxCertDB_Linux()
 void SignatureHandler::init_nss()
 {
 GooString *certDBPath = getDefaultFirefoxCertDB_Linux();
+ bool initSuccess = false;
 if (certDBPath == nullptr) {
- NSS_Init("sql:/etc/pki/nssdb");
+ initSuccess = (NSS_Init("sql:/etc/pki/nssdb") == SECSuccess);
 } else {
- NSS_Init(certDBPath->c_str());
+ initSuccess = (NSS_Init(certDBPath->c_str()) == SECSuccess);
+ }
+ if (!initSuccess) {
+ GooString homeNssDb(getenv("HOME"));
+ homeNssDb.append("/.pki/nssdb");
+ initSuccess = (NSS_Init(homeNssDb.c_str()) == SECSuccess);
+ if (!initSuccess) {
+ NSS_NoDB_Init(nullptr);
+ }
 }
 //Make sure NSS root certificates module is loaded
 SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0);
-- 2.18.1 benutzer@debian:/tmp/source/poppler/try1/poppler-0.71.0$ grep "void SignatureHandler::init_nss" poppler/SignatureHandler.cc -A15 -n 114:void SignatureHandler::init_nss() 115-{ 116- GooString *certDBPath = getDefaultFirefoxCertDB_Linux(); 117- if (certDBPath == nullptr) { 118- NSS_Init("sql:/etc/pki/nssdb"); 119- } else { 120- NSS_Init(certDBPath->getCString()); 121- } 122- //Make sure NSS root certificates module is loaded 123- SECMOD_AddNewModule("Root Certs", "libnssckbi.so", 0, 0); 124- 125- delete certDBPath; 126-} 127- # merge patch git add poppler/SignatureHandler.cc git commit -m "a85c2ed8f4359341adb94887c4b551a761244fdb merged" git format-patch -o .. 
-1 dpkg-buildpackage -b dpkg -i /tmp/source/poppler/try1/{libpoppler82,libpoppler82-dbgsym,poppler-utils,poppler-utils-dbgsym}_0.71.0-3_amd64.deb benutzer@debian:~$ /usr/bin/pdfsig SampleSignedPDFDocument.pdf Digital Signature Info of: SampleSignedPDFDocument.pdf Internal Error (0): couldn't find default Firefox Folder Signature #1: - Signer Certificate Common Name: John B Harris - Signer full Distinguished Name: E=jbhar...@adobe.com,CN=John B Harris,O=Adobe Systems Incorporated,L=San Jose,ST=CA,C=US - Signing Time: Jul 16 2009 16:47:47 - Signing Hash Algorithm: SHA1 - Signature Type: adbe.pkcs7.detached - Signed Ranges: [0 - 227012], [248956 - 272318] - Total document signed - Signature Validation: Signature is Valid. - Certificate Validation: Certificate has Expired