Bug 423355

Summary: Nullptr QCA::PKeyBase* in QCA::PKeyContext* of pkeys in QCA::KeyBundle for unknown pkey type
Product: [Frameworks and Libraries] qca Reporter: einbert-xeride
Component: generalAssignee: Ivan Romanov <drizt72>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, bradh, justin, nate
Priority: NOR    
Version: 2.3.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=423349
Latest Commit: https://invent.kde.org/libraries/qca/commit/3242caee6aa7bb07d2f0e3d9ed23e4fcacc82140 Version Fixed In:
Sentry Crash Report:

Description einbert-xeride 2020-06-22 12:45:37 UTC 
Related bug: https://bugs.kde.org/show_bug.cgi?id=423349.

When loading PKCS12 key bundle, during conveting pkey to QCA::PKeyBase*:

#0 opensslQCAPlugin::MyPKeyContext::pkeyToBase
#1 opensslQCAPlugin::MyPKCS12Context::fromPKCS12
#2 QCA::get_pkcs12_der
#3 QCA::KeyBundle::fromFile

In opensslQCAPlugin::MyPKeyContext::pkeyToBase, if pkey_type it got is unexpected (i.e. not EVP_PKEY_{RSA,DSA,DH}; e.g. EVP_PKEY_EC), it will return nullptr, and opensslQCAPlugin::MyPKCS12Context::fromPKCS12 doesn't check the return value. When calling pkey related methods (like QCA::PrivateKey::canDecrypt(), which eventually calls QCA::PKeyBase::type()), it will cause segmentation fault due to nullptr.

OBSERVED RESULT

Segmentation fault due to PKeyBase* being nullptr.

EXPECTED RESULT

- Either make QCA::KeyBundle::fromFile fail due to unknown pkey type, or check if QCA::PKeyBase* is nullptr every time when use it (not just QCA::Provider::Context*).
- Support more pkey types if possible.

SOFTWARE/OS VERSIONS
Qt Version: 5.15.0
Frameworks Version: 5.71.0
Operating System: Linux 5.7.4-arch1-1 x86_64
Windowing system: X11
Distribution: "Arch Linux"
Comment 1 Bug Janitor Service 2020-06-22 19:47:31 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/libraries/qca/-/merge_requests/30
Comment 2 Albert Astals Cid 2020-06-22 19:50:08 UTC 
The crash will be fixed shortly, but that's just the crash, we need to add ecdsa support to QCA for that to actually work in plasma-nm i guess
Comment 3 Albert Astals Cid 2020-06-22 20:12:47 UTC 
Git commit 3242caee6aa7bb07d2f0e3d9ed23e4fcacc82140 by Albert Astals Cid.
Committed on 22/06/2020 at 20:03.
Pushed by aacid into branch 'master'.

ossl: pkcs12: Don't crash on unknown private key type

M  +8    -0    plugins/qca-ossl/qca-ossl.cpp

https://invent.kde.org/libraries/qca/commit/3242caee6aa7bb07d2f0e3d9ed23e4fcacc82140