mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

Segmentation Fault after DNS resolution failure of Timestamp server #394

Closed jakob-ledermann closed 5 months ago

jakob-ledermann commented 6 months ago

Affected Version:

Version 2.8 (Compiled from tarball on Ubuntu 22.04.4 LTS)

Command:

osslsigncode sign \
 -pkcs11module /usr/lib/libeToken.so \
 -pkcs11cert 'pkcs11:token=<tokenname>;type=cert' \
 -key 'pkcs11:token=<tokenname>' \
 -ts http://timestamp.sectigo.com \
 -h sha2 test.exe test.exe.signed

Output:

Engine "pkcs11" set.
Ignoring PE signature not at the end of the file
Connecting to http://timestamp.sectigo.com
CURL failure: Couldn't resolve host name http://timestamp.sectigo.com
RFC 3161 timestamping failed
Use the "-t" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority
Unable to set unauthenticated attributes
1944 Segmentation fault      (core dumped) 

The name resolution failed because I forgot to configure the DNS server after changing from DHCP to a fixed IPv4 address. Unfortunately my system's core dump size was configured to 0, so I do not think I can provide more details from this situation.

I have not yet tried to reproduce the problem. After I fixed the DNS server configuration I was able to sign the exact same file using the same pkcs11-Token successfully.

I would not expect the program to exit with a segfault in such a situation, but rather a normal exit with an exit code indicating an error.

olszomal commented 5 months ago

Can you reproduce this issue against the current master branch? I think https://github.com/mtrojnar/osslsigncode/commit/0a0761746f670e34335826ea90b3fffe93e519fe should have fixed it.