tpm2-software / tpm2-pkcs11

A PKCS#11 interface for TPM2 hardware
https://tpm2-software.github.io

Segmentation fault during database upgrade 7 -> 8 #845

Open alitofresko opened 9 months ago

alitofresko commented 9 months ago

Tested with 1.9.0, trying to use a DB created with 1.8.0.

Running a simple command with the pkcs11-tool we receive a segmentation fault with a specific database created with 1.8.0 lib.

Steps used to get the error:

1. Run `export TPM2_PKCS11_LOG_LEVEL=2` to get verbose logs
2. Run `pkcs11-tool --verbose --test --module /usr/lib/pkcs11/libtpm2_pkcs11.so` to perform a test

This is the output:

```
INFO on line: "393" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": enter "C_GetFunctionList"
INFO on line: "393" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": return "C_GetFunctionList" value: 0
INFO on line: "381" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/pkcs11.c": enter "C_Initialize"
INFO on line: "41" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/backend.c": Initializing backends
INFO on line: "2626" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Using sqlite3 DB: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3"
INFO on line: "2216" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Performing DB backup at: "/etc/tpm2_pkcs11/tpm2pkcs11.sqlite3.bak"
Segmentation fault
```

After some investigation, I see that my database /etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3 created with 1.8.0 has 3 rows in the tobjects table; the last one has no attribute of type CKA_ALLOWED_MECHANISMS. So the function attr_get_attribute_by_type returns null and the next instruction, type_from_ptr, causes a segmentation fault.

By placing an "if not null" check before the function that caused the segmentation fault, the DB upgrade seems to complete successfully. Attached is my patch used to add more logs and the "if not null" check. This is the relevant output of `pkcs11-tool --verbose --test --module /usr/lib/pkcs11/libtpm2_pkcs11.so` after the patch is applied:

```
INFO on line: "2639" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Using sqlite3 DB: "/etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3"
INFO on line: "2229" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Performing DB backup at: "/etc/tpm2_pkcs11/tpm2pkcs11.sqlite3.bak"
INFO on line: "2145" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading DB from 7 to 8
ERROR on line: "2157" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading DB from 7 to 8 - step
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: 0xe980f0
INFO on line: "2179" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute ptr and length: 0xe97f70 48
INFO on line: "2182" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading tobject attrs
INFO on line: "2184" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Done
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: 0xe86798
INFO on line: "2179" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute ptr and length: 0xe98130 48
INFO on line: "2182" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Upgrading tobject attrs
INFO on line: "2184" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Done
INFO on line: "2168" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": begin process tobjects row
INFO on line: "2177" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Attribute by type ptr: (nil)
INFO on line: "2187" in file: "/usr/src/debug/tpm2-pkcs11/1.9.0-r0/src/lib/db.c": Skip attribute upgrading cause of null attrs: (nil)
```

Attachments: db-upgrade-7-8-segmentation-fault.patch, db-upgrade-7-8-segmentation-fault.log
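A constructed model of the guard the reporter describes, added here as an example and not tpm2-pkcs11's own code: the per-type lookup returns NULL for a tobjects row that carries no CKA_ALLOWED_MECHANISMS, and the hardened upgrade step skips that row instead of dereferencing the result. The attribute structs, `attr_list`, and both function names are hypothetical stand-ins; only the PKCS#11 type constants are real.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the 7->8 tobjects upgrade step from the issue; not tpm2-pkcs11 code.
 * Attribute type values follow PKCS#11 (CKA_ALLOWED_MECHANISMS is 0x600). */
typedef unsigned long CK_ATTRIBUTE_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; unsigned long ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS              0x000UL
#define CKA_ALLOWED_MECHANISMS 0x600UL

typedef struct { CK_ATTRIBUTE *attrs; size_t count; } attr_list;

/* Stand-in for the lookup: NULL when the row carries no attribute of that type. */
static CK_ATTRIBUTE *attr_get_attribute_by_type(attr_list *l, CK_ATTRIBUTE_TYPE t) {
    for (size_t i = 0; i < l->count; i++)
        if (l->attrs[i].type == t) return &l->attrs[i];
    return NULL;
}

/* Hardened per-row upgrade: 1 = attrs upgraded, 0 = row skipped. The reported crash
 * came from using the lookup result without this NULL check. */
static int upgrade_tobject_row(attr_list *row) {
    CK_ATTRIBUTE *a = attr_get_attribute_by_type(row, CKA_ALLOWED_MECHANISMS);
    if (a == NULL) {
        fprintf(stderr, "Skip attribute upgrading cause of null attrs\n");
        return 0;
    }
    /* a real upgrade would rewrite a->pValue / a->ulValueLen here */
    return 1;
}

/* Constructed table: two rows with the attribute, a third without, as in the report.
 * Returns the number of rows upgraded; the third row is skipped rather than crashing. */
static int run_upgrade_7_to_8(void) {
    unsigned long mechs[6] = {0};   /* 48 bytes on LP64, matching the logged length */
    CK_ATTRIBUTE row1[] = { {CKA_CLASS, NULL, 0}, {CKA_ALLOWED_MECHANISMS, mechs, 48} };
    CK_ATTRIBUTE row2[] = { {CKA_ALLOWED_MECHANISMS, mechs, 48} };
    CK_ATTRIBUTE row3[] = { {CKA_CLASS, NULL, 0} };
    attr_list rows[] = { {row1, 2}, {row2, 1}, {row3, 1} };
    int upgraded = 0;
    for (size_t i = 0; i < 3; i++)
        upgraded += upgrade_tobject_row(&rows[i]);
    return upgraded;
}

int main(void) {
    printf("rows upgraded: %d\n", run_upgrade_7_to_8());
    return 0;
}
```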

sem-hub commented 8 months ago

Thank you! It works for me.

tracefinder commented 8 months ago

Confirm the issue on Manjaro with tpm2-pkcs11 1.9.0-1

tazjin commented 4 months ago

Confirm that @tracefinder's PR fixes this for me. Maybe if the project is (temporarily?) unmaintained, we should adopt patches into a fork until the maintainer is either back or something else happens?

tracefinder commented 3 months ago

BTW, there is a second PR aimed at solving the problem - https://github.com/tpm2-software/tpm2-pkcs11/pull/858

I believe a fork is the last resort option in case the project is dead. @williamcroberts could you clarify the state of the project?

williamcroberts commented 3 months ago

> BTW, there is a second PR aimed at solving the problem - #858
>
> I believe a fork is the last resort option in case the project is dead. @williamcroberts could you clarify the state of the project?

The project is alive, I just don't have as much time as I used to. We are looking for folks that want to be active in the tpm2-software space, so if anyone wants to sign up :-p