Created attachment 106380 [details]
This report is a follow up to bug 66701. See there for the steps that lead here.
When creating a signed PDF (functionality needs to be enabled under
experimental features in Tools->Options->Advanced), LO crashes under certain
conditions. It does not crash, under the same conditions, when signing
the original document XML (File->Digigal Signatures).
The condition that lead to this report:
Create a signed PDF with a signature from an RSA token. The signature is made with the private key on the token's SigG partition (aka. "qualified signature").
The crash happens when LO is run directly from the shell or in gdb.
If LO is run in valgrind, it does not crash, but creates a "signed" PDF with an invalid signature (all zeroes).
How to reproduce:
1) Enable experimental features in LO
2) Use Mozilla or Firefox to configure the token in the NSS store. Make sure signatures are working (eg. by sending a signed e-mail)
3) Insert RSA token
4) Create document (in Writer, Impress, Calc, ...)
5) Select File->Export as PDF->Digital Signatures
6) Click Select
7) Enter password (if set) for the NSS store and for RSA token, select certificate from the SigG partition, click OK
8) Fill in remaining fields (certificate password seems not to be necessary), click Export
9) Select file location
10) Enter the PIN for the RSA token in the popup (this is specific of the PKCS#11 library for the token and will differ between vendors)
11) LO crashes, sometimes giving output (see attachment 106286 [details]), sometimes not.
If run under valgrind, it does not crash but the helper program for the PIN input segfaults (see valgrind output).
Created attachment 106381 [details]
The test document is signed with the same key/signature (File->Digital Signatures) that causes LO to crash when trying to sign the PDF.
So it seems that the logic to sign with that token is there, but somehow is used differently when creating PDFs.
Created attachment 106382 [details]
resulting pdf, signature is all zeroes
Created attachment 106385 [details]
valgrind trace LO 188.8.131.52 crashing hardtoken signing file (not PDF)
Not sure if this should go into a separate bug, please advise.
I ran LO under valgrind and it crashed when trying to sign the ODF itself under File->Digital Signatures (with the key from the SigG), producing the output in attachment 106385 [details].
Thanks; nice valgrind trace:
==12945== Address 0x1c is not stack'd, malloc'd or (recently) free'd
Looks strongly as if a NULL pointer is getting a struct offset & then dereferenced somewhere in that stack.
Just had a chance to verify. The same behaviour occurs on OSX (10.9.5).
LO just crashes when the qualified signature is used for PDF signing.
The same operation succeeds when signing the ODF.
Tor Lillqvist committed a patch related to this issue.
It has been pushed to "master":
Tentative fix for fdo#83937
It will be available in 4.5.0.
The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
Affected users are encouraged to test the fix and report feedback.
Just tested with a fresh build. LO doesn't crash anymore, but is also not sign the PDF with any qualified (SigG) certificate. An error is displayed that says that "Signature generation failed".
No more crashes, signatures OK, all is well, and my cow is happy ;-)