Package: gcr4
Version: 4.4.0.1-3
Severity: normal
Tags: upstream
Forwarded: https://gitlab.gnome.org/GNOME/gcr/-/issues/134

Ahoy,
For the GTK 4 version only, I'm finding on Trixie that gcr-viewer terminates
with SIGSEGV when one attempts to open a file that contains a private key,
except possibly for PKCS#12 files—only because I think viewing all PKCS#12
files is broken in gcr-viewer-gtk4 for an unrelated reason (different issue)
and thus can't test with one. This crash happens before any user interface is
displayed just after the process starts.
It is a fortunate coincidence that an installed test in glib-networking-tests
works well to demonstrate the problem:
(gdb) gcr-viewer-gtk4 /usr/libexec/installed-tests/glib-networking/files/client-and-key.pem
Thread 1 "gcr-viewer-gtk4" received signal SIGSEGV, Segmentation fault.
on_parser_parsed (parser=<optimized out>, user_data=0x7fffffffd500) at ../tools/viewer/viewer.c:46
46 *cert = gcr_simple_certificate_new (attr->value, attr->length);
Apparently, attr—as returned by gck_attributes_find() just prior—is NULL here.
The Gck 4 docs say this is legitimate if the attribute isn't found, so it's
wrong for Gcr to not check for this here.
#0 on_parser_parsed (parser=<optimized out>, user_data=0x7fffffffd530) at
../tools/viewer/viewer.c:46
#4 0x00007ffff7167663 in <emit signal 'parsed' on instance 0x55555575bb00
[GcrParser]> (instance=instance@entry=0x55555575bb00, signal_id=<optimized
out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3597
#1 0x00007ffff714bb81 in _g_closure_invoke_va
(closure=closure@entry=0x555555763d70, return_value=return_value@entry=0x0,
instance=instance@entry=0x55555575bb00, args=args@entry=0x7fffffffd230,
n_params=n_params@entry=0, param_types=param_types@entry=0x0) at
../../../gobject/gclosure.c:898
#2 0x00007ffff71618b8 in signal_emit_valist_unlocked
(instance=instance@entry=0x55555575bb00, signal_id=signal_id@entry=126,
detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd230) at
../../../gobject/gsignal.c:3438
#3 0x00007ffff71675a6 in g_signal_emit_valist (instance=0x55555575bb00,
signal_id=126, detail=0, var_args=0x7fffffffd230) at
../../../gobject/gsignal.c:3277
#5 0x00007ffff7f076f0 in _gcr_parser_fire_parsed
(self=self@entry=0x55555575bb00 [GcrParser],
parsed=parsed@entry=0x55555569efe0) at ../gcr/gcr-parser.c:484
#6 0x00007ffff7ef46d6 in _gcr_parser_parse_der_private_key_rsa
(self=0x55555575bb00 [GcrParser], data=0x5555556bc800) at
../gcr/gcr-parser-libgcrypt.c:80
#7 0x00007ffff7f08329 in handle_pem_data (type=type@entry=1128,
data=data@entry=0x5555556bc800, outer=outer@entry=0x55555569f640,
headers=headers@entry=0x0, user_data=user_data@entry=0x7fffffffd470) at
../gcr/gcr-parser.c:1221
#8 0x00007ffff7f16fb7 in egg_armor_parse (data=data@entry=0x555555763c10,
callback=callback@entry=0x7ffff7f081c0 <handle_pem_data>,
user_data=user_data@entry=0x7fffffffd470) at ../egg/egg-armor.c:316
#9 0x00007ffff7f067f2 in handle_pem_format (self=<optimized out>, subformat=0,
data=0x555555763c10) at ../gcr/gcr-parser.c:1245
#10 parse_pem (self=<optimized out>, data=0x555555763c10) at
../gcr/gcr-parser.c:1258
#11 0x00007ffff7f06bf2 in parser_format_foreach (key=key@entry=0x7ffff7f5be60
<parser_normal>, value=value@entry=0x7ffff7f5be60 <parser_normal>,
data=data@entry=0x7fffffffd4c0) at ../gcr/gcr-parser.c:1516
#12 0x00007ffff7f07b1e in gcr_parser_parse_bytes
(self=self@entry=0x55555575bb00 [GcrParser], data=data@entry=0x555555763c10,
error=error@entry=0x7fffffffd528) at ../gcr/gcr-parser.c:1777
#13 0x0000555555558b45 in simple_certificate_new_from_file (cancellable=0x0,
file=0x555555764800, error=0x7fffffffd528) at ../tools/viewer/viewer.c:69
#14 simple_certificate_new_from_commandline_arg (cancellable=0x0,
arg=<optimized out>, error=0x7fffffffd528) at ../tools/viewer/viewer.c:94
#15 activate (app=<optimized out>, user_data=<optimized out>) at
../tools/viewer/viewer.c:127
#20 0x00007ffff7167663 in <emit signal 'activate' on instance 0x555555580280
[GtkApplication]> (instance=<optimized out>, signal_id=<optimized out>,
detail=<optimized out>) at ../../../gobject/gsignal.c:3597
#16 0x00007ffff714b950 in g_closure_invoke (closure=0x555555582390,
return_value=0x0, n_param_values=n_param_values@entry=1,
param_values=param_values@entry=0x7fffffffd750,
invocation_hint=invocation_hint@entry=0x7fffffffd6a0) at
../../../gobject/gclosure.c:835
#17 0x00007ffff715fd43 in signal_emit_unlocked_R
(node=node@entry=0x7fffffffd810, detail=detail@entry=0,
instance=instance@entry=0x555555580280,
emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fffffffd750) at
../../../gobject/gsignal.c:3902
#18 0x00007ffff7161769 in signal_emit_valist_unlocked
(instance=instance@entry=0x555555580280, signal_id=signal_id@entry=8,
detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd970) at
../../../gobject/gsignal.c:3534
#19 0x00007ffff71675a6 in g_signal_emit_valist (instance=0x555555580280,
signal_id=8, detail=0, var_args=0x7fffffffd970) at
../../../gobject/gsignal.c:3277
#21 0x00007ffff7281ca0 in g_application_real_local_command_line
(application=0x555555580280 [GtkApplication], arguments=0x7fffffffdac8,
exit_status=0x7fffffffdac4) at ../../../gio/gapplication.c:1188
#22 0x00007ffff7281e38 in g_application_run
(application=application@entry=0x555555580280 [GtkApplication],
argc=argc@entry=2, argv=argv@entry=0x7fffffffdc38) at
../../../gio/gapplication.c:2684
#23 0x0000555555557758 in main (argc=2, argv=0x7fffffffdc38) at
../tools/viewer/viewer.c:152
I'm curious why _gcr_parser_parse_der_private_key_rsa gets invoked even when
all input data is PEM-encoded. Let me know if you can't reproduce; I have an
esoteric PKCS#11 setup and maybe that influences Gck somehow.
Apparently I reported (almost) this same issue upstream a few months ago, but
that was in regards to handling illegitimate data. Not being able to import
private keys, apparently at all, is a much greater problem.
-- System Information:
Debian Release: 13.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gcr4 depends on:
ii dbus-user-session [default-dbus-session-bus] 1.16.2-2
ii gcr 3.41.2-3
ii init-system-helpers 1.69~deb13u1
ii libc6 2.41-12+deb13u2
ii libgck-2-2 4.4.0.1-3
ii libgcr-4-4 4.4.0.1-3
ii libglib2.0-0t64 2.84.4-3~deb13u2
ii libgtk-4-1 4.18.6+ds-2
ii libpango-1.0-0 1.56.3-1
ii libsecret-1-0 0.21.7-1
ii libsystemd0 257.9-1~deb13u1
gcr4 recommends no packages.
gcr4 suggests no packages.
-- no debconf information
client-and-key.pem
Description: test case copied from glib-networking-tests
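The missing NULL check described in the report above, shown as an added example that is not part of the original report and is not Gcr's code. The types and function names are stand-ins for illustration, the attribute searched for is assumed to be the PKCS#11 CKA_VALUE, and the sample items are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for illustration only; these are not the Gck/Gcr types. */
typedef struct { unsigned long type; const unsigned char *value; size_t length; } attr_t;
typedef struct { const attr_t *attrs; size_t n_attrs; } item_t;

#define ATTR_VALUE   0x11UL   /* PKCS#11 CKA_VALUE (assumed lookup target) */
#define ATTR_MODULUS 0x120UL  /* PKCS#11 CKA_MODULUS, present on RSA keys */

/* Same contract the report cites for gck_attributes_find(): NULL if absent. */
static const attr_t *attrs_find(const item_t *item, unsigned long type) {
    for (size_t i = 0; i < item->n_attrs; i++)
        if (item->attrs[i].type == type)
            return &item->attrs[i];
    return NULL;
}

/* Guarded "parsed" handler: keeps the first certificate value it sees and
 * skips items without one. Returns 1 if the item was used, 0 if skipped. */
static int on_item_parsed(const item_t *item, const attr_t **cert) {
    const attr_t *attr = attrs_find(item, ATTR_VALUE);
    if (attr == NULL || attr->value == NULL || attr->length == 0)
        return 0;  /* the code in the report reads attr->value at this point */
    if (*cert != NULL)
        return 0;  /* already have a certificate; do not overwrite it */
    *cert = attr;
    return 1;
}

/* Constructed sample: a certificate item and an RSA key item (placeholder bytes). */
static const unsigned char cert_der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };
static const unsigned char modulus[]  = { 0x00, 0xc1, 0x5f };
static const attr_t cert_attrs[] = { { ATTR_VALUE, cert_der, sizeof cert_der } };
static const attr_t key_attrs[]  = { { ATTR_MODULUS, modulus, sizeof modulus } };
static const item_t cert_item = { cert_attrs, 1 };
static const item_t key_item  = { key_attrs, 1 };

/* Feeds items to the handler in order; returns the certificate length or 0. */
static size_t load_first_cert(const item_t *const *items, size_t n) {
    const attr_t *cert = NULL;
    for (size_t i = 0; i < n; i++)
        on_item_parsed(items[i], &cert);
    return cert ? cert->length : 0;
}

int main(void) {
    const item_t *file[] = { &key_item, &cert_item };  /* key parsed first */
    printf("certificate bytes: %zu\n", load_first_cert(file, 2));
    return 0;
}
```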

