
Segmentation fault during database upgrade 7 -> 8

Open alitofresko opened this issue 9 months ago • 5 comments

Tested with 1.9.0, trying to use a DB created with 1.8.0.

Running a simple command with pkcs11-tool, we receive a segmentation fault with a specific database created with the 1.8.0 lib.

Steps used to get the error:

1. Run export TPM2_PKCS11_LOG_LEVEL=2 to get verbose logs
2. Run pkcs11-tool --verbose --test --module /usr/lib/pkcs11/libtpm2_pkcs11.so to perform a test

This is the output:

INFO on line: "393" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": enter "C_GetFunctionList"
INFO on line: "393" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": return "C_GetFunctionList" value: 0
INFO on line: "381" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": enter "C_Initialize"
INFO on line: "41" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/backend.c": Initializing backends
INFO on line: "2626" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Using sqlite3 DB: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3"
INFO on line: "2216" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Performing DB backup at: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3.bak"
Segmentation fault

After some investigation, I see that my database /etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3 created with 1.8.0 has 3 rows in the tobjects table; the last one has no attribute of type CKA_ALLOWED_MECHANISMS. So, the function attr_get_attribute_by_type returns null and the next instruction, type_from_ptr, causes a segmentation fault.

By placing an "if not null" check before the function that caused the segmentation fault, the DB upgrade seems to complete successfully. Attached is my patch, used to add more logs and the "if not null" check. This is the relevant output of pkcs11-tool --verbose --test --module /usr/lib/pkcs11/libtpm2_pkcs11.so after the patch is applied:

INFO on line: "2639" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Using sqlite3 DB: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3"
INFO on line: "2229" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Performing DB backup at: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3.bak"
INFO on line: "2145" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading DB from 7 to 8
ERROR on line: "2157" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading DB from 7 to 8 - step
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: 0xe980f0
INFO on line: "2179" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute ptr and length: 0xe97f70 48
INFO on line: "2182" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading tobject attrs
INFO on line: "2184" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Done
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: 0xe86798
INFO on line: "2179" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute ptr and length: 0xe98130 48
INFO on line: "2182" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading tobject attrs
INFO on line: "2184" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Done
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: (nil)
INFO on line: "2187" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Skip attribute upgrading cause of null attrs: (nil)

db-upgrade-7-8-segmentation-fault.patch db-upgrade-7-8-segmentation-fault.log

alitofresko avatar Oct 05 '23 08:10 alitofresko
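The crash pattern described in the report above (a lookup that returns NULL for a row lacking CKA_ALLOWED_MECHANISMS, followed by an unconditional dereference) and the "skip the row when the attribute is absent" fix, as an added, self-contained C illustration. This is not tpm2-pkcs11's code: the function names attr_get_attribute_by_type and type_from_ptr are borrowed from the report for readability, but their signatures, the attr_list structure, the upgrade_tobject_row / upgrade_all_rows helpers and the two sample rows are all constructed here. CKA_LABEL, CKA_ALLOWED_MECHANISMS and CKM_RSA_PKCS_OAEP are the standard PKCS#11 values.

```c
/* Added illustration of the issue's NULL-dereference and the guarded fix.
 * Constructed for this example; not the tpm2-pkcs11 implementation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_ATTRIBUTE_TYPE;
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;

/* Standard PKCS#11 constants. */
#define CKA_LABEL              0x00000003UL
#define CKA_ALLOWED_MECHANISMS 0x40000600UL
#define CKM_RSA_PKCS_OAEP      0x00000009UL

typedef struct {
    CK_ATTRIBUTE_TYPE type;
    void *pValue;
    CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

/* Assumed shape of one tobjects row's attribute list. */
typedef struct {
    CK_ULONG count;
    CK_ATTRIBUTE *attrs;
} attr_list;

/* Linear lookup; returns NULL when the attribute is absent from the row. */
static CK_ATTRIBUTE *attr_get_attribute_by_type(attr_list *l, CK_ATTRIBUTE_TYPE t) {
    for (CK_ULONG i = 0; i < l->count; i++) {
        if (l->attrs[i].type == t) return &l->attrs[i];
    }
    return NULL;
}

/* Reads the first mechanism out of the attribute value. It dereferences its
 * argument unconditionally, so calling it with NULL crashes as in the report. */
static CK_MECHANISM_TYPE type_from_ptr(CK_ATTRIBUTE *a) {
    CK_MECHANISM_TYPE m;
    memcpy(&m, a->pValue, sizeof(m));
    return m;
}

enum upgrade_rc { UPGRADE_OK = 0, UPGRADE_SKIPPED = 1 };

/* Guarded row handler: a row without CKA_ALLOWED_MECHANISMS (or with a value too
 * short to hold one mechanism) is logged and skipped instead of dereferenced. */
static enum upgrade_rc upgrade_tobject_row(attr_list *row, CK_MECHANISM_TYPE *out) {
    CK_ATTRIBUTE *a = attr_get_attribute_by_type(row, CKA_ALLOWED_MECHANISMS);
    if (!a || !a->pValue || a->ulValueLen < sizeof(CK_MECHANISM_TYPE)) {
        fprintf(stderr, "Skip attribute upgrading cause of null attrs: %p\n", (void *)a);
        return UPGRADE_SKIPPED;
    }
    *out = type_from_ptr(a);
    return UPGRADE_OK;
}

/* Constructed sample rows: the first carries the attribute, the second does not
 * (the shape of the 1.8.0 database in the report). */
static CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS_OAEP };
static char label[] = "key-1";
static CK_ATTRIBUTE row_with_attr[] = {
    { CKA_LABEL, label, sizeof(label) - 1 },
    { CKA_ALLOWED_MECHANISMS, mechs, sizeof(mechs) },
};
static CK_ATTRIBUTE row_without_attr[] = {
    { CKA_LABEL, label, sizeof(label) - 1 },
};
static attr_list sample_rows[] = {
    { 2, row_with_attr },
    { 1, row_without_attr },
};

/* Walks every row; returns the number of rows skipped and reports the mechanism
 * read from the first upgraded row through *first_mech. */
static int upgrade_all_rows(attr_list *rows, size_t n, CK_MECHANISM_TYPE *first_mech) {
    int skipped = 0;
    for (size_t i = 0; i < n; i++) {
        CK_MECHANISM_TYPE m = 0;
        if (upgrade_tobject_row(&rows[i], &m) == UPGRADE_SKIPPED) skipped++;
        else if (i == 0) *first_mech = m;
    }
    return skipped;
}

int main(void) {
    CK_MECHANISM_TYPE m = 0;
    int skipped = upgrade_all_rows(sample_rows, 2, &m);
    printf("rows skipped: %d, first mechanism: 0x%lx\n", skipped, m);
    return 0;
}
```

The guard also checks ulValueLen, which the report's one-line "if not null" does not: a migration that reads fixed-size values out of variable-length attribute blobs should treat a short value the same way as a missing one, since both come from persisted data the library did not write in its current version.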

Thank you! It works for me.

sem-hub avatar Nov 03 '23 22:11 sem-hub

Confirm the issue on Manjaro with tpm2-pkcs11 1.9.0-1

tracefinder avatar Nov 07 '23 08:11 tracefinder

Confirm that @tracefinder's PR fixes this for me. Maybe if the project is (temporarily?) unmaintained, we should adopt patches into a fork until the maintainer is either back or something else happens?

tazjin avatar Mar 17 '24 11:03 tazjin

BTW, there is a second PR aimed at solving the problem - https://github.com/tpm2-software/tpm2-pkcs11/pull/858

I believe a fork is the last resort option in case the project is dead. @williamcroberts could you clarify the state of the project?

tracefinder avatar Mar 25 '24 08:03 tracefinder

> BTW, there is a second PR aimed at solving the problem - #858
>
> I believe a fork is the last resort option in case the project is dead. @williamcroberts could you clarify the state of the project?

The project is alive, I just don't have as much time as I used to. We are looking for folks that want to be active in the tpm2-software space, so if anyone wants to sign up :-p

williamcroberts avatar Mar 25 '24 14:03 williamcroberts