Bug 83937 - LibreOffice crashes when creating digitally signed PDF
Summary: LibreOffice crashes when creating digitally signed PDF
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Printing and PDF export (show other bugs)
Version:
(earliest affected)
4.4.0.0.alpha0+ Master
Hardware: Other All
: medium normal
Assignee: Not Assigned
QA Contact:
URL:
Whiteboard: target:4.5.0
Keywords:
Depends on:
Blocks: PDF-Signature
  Show dependency treegraph
 
Reported: 2014-09-16 16:23 UTC by Markus Wernig
Modified: 2015-04-09 16:05 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
valgrind output (104.36 KB, text/plain)
2014-09-16 16:23 UTC, Markus Wernig
Details
test document (11.14 KB, application/vnd.oasis.opendocument.text)
2014-09-16 16:25 UTC, Markus Wernig
Details
resulting pdf, signature is all zeroes (35.70 KB, application/pdf)
2014-09-16 16:26 UTC, Markus Wernig
Details
valgrind trace LO 4.4.0.0 crashing hardtoken signing file (not PDF) (102.41 KB, text/plain)
2014-09-16 17:07 UTC, Markus Wernig
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Wernig 2014-09-16 16:23:20 UTC
Created attachment 106380 [details]
valgrind output

This report is a follow up to bug 66701. See there for the steps that lead here.

When creating a signed PDF (functionality needs to be enabled under
experimental features in Tools->Options->Advanced), LO crashes under certain
conditions. It does not crash, under the same conditions, when signing
the original document XML (File->Digigal Signatures).

The condition that lead to this report:

Create a signed PDF with a signature from an RSA token. The signature is made with the private key on the token's SigG partition (aka. "qualified signature").

The crash happens when LO is run directly from the shell or in gdb.
If LO is run in valgrind, it does not crash, but creates a "signed" PDF with an invalid signature (all zeroes).

How to reproduce:

1) Enable experimental features in LO
2) Use Mozilla or Firefox to configure the token in the NSS store. Make sure signatures are working (eg. by sending a signed e-mail)
3) Insert RSA token
4) Create document (in Writer, Impress, Calc, ...)
5) Select File->Export as PDF->Digital Signatures
6) Click Select
7) Enter password (if set) for the NSS store and for RSA token, select certificate from the SigG partition, click OK
8) Fill in remaining fields (certificate password seems not to be necessary), click Export
9) Select file location
10) Enter the PIN for the RSA token in the popup (this is specific of the PKCS#11 library for the token and will differ between vendors)
11) LO crashes, sometimes giving output (see attachment 106286 [details]), sometimes not.

If run under valgrind, it does not crash but the helper program for the PIN input segfaults (see valgrind output).
Comment 1 Markus Wernig 2014-09-16 16:25:14 UTC
Created attachment 106381 [details]
test document

The test document is signed with the same key/signature (File->Digital Signatures) that causes LO to crash when trying to sign the PDF.
So it seems that the logic to sign with that token is there, but somehow is used differently when creating PDFs.
Comment 2 Markus Wernig 2014-09-16 16:26:51 UTC
Created attachment 106382 [details]
resulting pdf, signature is all zeroes
Comment 3 Markus Wernig 2014-09-16 17:07:36 UTC
Created attachment 106385 [details]
valgrind trace LO 4.4.0.0 crashing hardtoken signing file (not PDF)
Comment 4 Markus Wernig 2014-09-16 17:08:42 UTC
Not sure if this should go into a separate bug, please advise.

I ran LO under valgrind and it crashed when trying to sign the ODF itself under File->Digital Signatures (with the key from the SigG), producing the output in attachment 106385 [details].
Comment 5 Michael Meeks 2014-09-16 20:26:33 UTC
Thanks; nice valgrind trace:

==12945==  Address 0x1c is not stack'd, malloc'd or (recently) free'd 

Looks strongly as if a NULL pointer is getting a struct offset & then dereferenced somewhere in that stack.
Comment 6 Markus Wernig 2014-12-11 16:42:27 UTC
Just had a chance to verify. The same behaviour occurs on OSX (10.9.5).

LO just crashes when the qualified signature is used for PDF signing.
The same operation succeeds when signing the ODF.
Comment 7 Commit Notification 2014-12-12 16:09:40 UTC
Tor Lillqvist committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=cbf0c9f8332be9abfed6016f9708e3260331eb2d

Tentative fix for fdo#83937

It will be available in 4.5.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 8 Markus Wernig 2014-12-13 07:38:03 UTC
Just tested with a fresh build. LO doesn't crash anymore, but is also not sign the PDF with any qualified (SigG) certificate. An error is displayed that says that "Signature generation failed".
Comment 9 Markus Wernig 2015-03-28 12:57:26 UTC
No more crashes, signatures OK, all is well, and my cow is happy ;-)