10.6/10.7: Attempting to verify certain signatures will crash task or daemon
| Field | Value |
| --- | --- |
| Originator: | wiml |
| Number: | rdar://11043986 |
| Date Originated: | 13-Mar-2012 07:26 PM |
| Status: | Open |
| Resolved: | |
| Product: | |
| Product Version: | |
| Classification: | Security |
| Reproducible: | Always |
13-Mar-2012 07:26 PM W Lewis:

Summary: Certain invalid elliptic-curve signatures will cause whatever program tries to evaluate them to exit immediately. This program may be Keychain Access, or it may be your mailreader, or it may be the system 'securityd' daemon.

Steps to Reproduce: Attempt to verify an ECDSA signature which is syntactically valid DER but in which one of the integers is much larger than it should be. Attached is a handful of test cases demonstrating the same bug being reached through several APIs:

1. Open achey_breaky.keychain, select all items, and select the leaf cert. Keychain Access will exit immediately.

   Mar 13 18:21:48 slowpoke com.apple.launchd.peruser.5003[231] ([0x0-0x81081].com.apple.keychainaccess[4599]): Exited with exit code: 1

2. Attempt to verify "cert2_broken.pem" using the "security" command-line tool. It will abort.

3. Compile sigcheck.c and run it with the option "embedded". It will attempt to verify an ECDSA signature that is broken in a similar way to cert2_broken.pem, and crash.

4. (My favorite) Compile sigcheck.c and run it with the option "keychain". It will perform the same signature verification as before, except that the SecKeyRef it uses will be obtained from achey_breaky_2.keychain. As a result, the verification will be performed by securityd, which will crash immediately and --- on SL --- render the system almost unusable (can't launch new apps, can't log out).

   Mar 13 18:24:20 slowpoke com.apple.launchd[1] (com.apple.securityd[31]): Exited with exit code: 1

   [followed by many other system daemons crashing, including ReportCrash crashing and recursively invoking itself]

Expected Results: An invalid signature should cause a verification failure, not a crash.

Actual Results: Crashypoo.

Regression: The problem is the same on Snow Leopard and on Lion, except that Lion (unlike SL) will restart securityd when it crashes, meaning that the machine does not become nonfunctional.
Notes: Obviously, bogus signatures could be introduced to the system in a number of other ways as well --- SSL certificates, S/MIME content, signed applications, WPA2 EAP-TLS, 802.1X, etc etc. Presumably each route would cause the associated daemon or service to crash or hang.

13-Mar-2012 07:26 PM W Lewis: 'bugreport.tar.bz2' and 'slowpoke.spx' were successfully uploaded

29-Dec-2014 04:03 PM W Lewis: Problem persists in 10.9.5/13F34
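The behaviour the report's Expected Results asks for, as an added example that is not from the radar or from Apple's code: a strict parser for the DER ECDSA signature structure that turns an oversized integer into a verification failure rather than a crash. It assumes the NIST P-256 curve order and uses constructed sample signatures; `parse_ecdsa_signature`, `is_well_formed` and the sample names are this example's own.

```python
# Added example, not code from the radar or from Apple: a strict DER parser for an
# ECDSA signature, SEQUENCE { INTEGER r, INTEGER s }, that turns an oversized or
# out-of-range integer into a verification failure instead of a crash. P-256 assumed.

P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

class BadSignature(ValueError): ...

def _read_tlv(buf, pos, expected_tag):
    """Read one short-form DER TLV at pos; return (value bytes, next position)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise BadSignature("missing or wrong tag")
    length = buf[pos + 1]
    # Any practical ECDSA signature fits a short-form length (< 128 bytes).
    if length >= 0x80 or pos + 2 + length > len(buf):
        raise BadSignature("bad element length")
    return buf[pos + 2:pos + 2 + length], pos + 2 + length

def _decode_int(raw, order):
    """Decode a DER INTEGER and require 1 <= value < order."""
    if not raw or raw[0] & 0x80:
        raise BadSignature("empty or negative INTEGER")
    max_len = (order.bit_length() + 7) // 8 + 1   # +1 for a possible leading 0x00
    if len(raw) > max_len:
        raise BadSignature(f"INTEGER is {len(raw)} bytes, curve allows {max_len}")
    value = int.from_bytes(raw, "big")
    if not 1 <= value < order:
        raise BadSignature("INTEGER outside [1, n-1]")
    return value

def parse_ecdsa_signature(sig, order=P256_ORDER):
    """Return (r, s) for a well-formed signature, else raise BadSignature."""
    body, end = _read_tlv(sig, 0, 0x30)          # SEQUENCE
    if end != len(sig):
        raise BadSignature("trailing bytes after SEQUENCE")
    r_raw, pos = _read_tlv(body, 0, 0x02)        # INTEGER r
    s_raw, pos = _read_tlv(body, pos, 0x02)      # INTEGER s
    if pos != len(body):
        raise BadSignature("trailing bytes inside SEQUENCE")
    return _decode_int(r_raw, order), _decode_int(s_raw, order)

def is_well_formed(sig):
    try:
        return parse_ecdsa_signature(sig) is not None
    except BadSignature:
        return False   # verification failure, never an abort

# Constructed samples: plausible 32-byte r and s, and the same with a 64-byte r.
GOOD_SIG = b"\x30\x44\x02\x20" + b"\x11" * 32 + b"\x02\x20" + b"\x22" * 32
OVERSIZED_SIG = b"\x30\x64\x02\x40" + b"\x7f" * 64 + b"\x02\x20" + b"\x22" * 32
```

The size check fires before any big-integer arithmetic, which is where a verifier that trusts the DER length would otherwise blow up.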