Bug#926404: /usr/bin/pdfsig: pdfsig: segfaults with "couldn't find default Firefox Folder"

Bernhard Reiter bernhard at intevation.de
Tue Apr 16 09:35:21 BST 2019


On Tuesday 16 April 2019 09:37:28, Bernhard Übelacker wrote:
> That looks quite similar to what I have received in #924050.

You were testing a different case there,
probably the one for this (==#926404) problem.

The indication is the difference in the messages in the original problems:
#924050: Internal Error (0): Input couldn't be parsed as a CMS signature
#926404: Internal Error (0): couldn't find default Firefox Folder

This is very likely coming from two different code paths within libnss3.
I guess that with #924050 the signature itself was damaged.
I've made a brief effort to create such a damaged pdf, it should be possible
in theory because the signature itself is not part of the digest, however
I am not experienced enough to find the precise location.

> Therefore this issue should be solvable by the patch attached to [1].

The patch deals with the place where the certificate database is found
and adds more code in case it is not found. So it has the potential
to solve the segfault. This looks like an improvement for #926404 to me.

It still makes sense to depend on or recommend a certificate database that is
used by pdfsig. Otherwise it will not be possible to validate the certificate
of a signature.

> A poppler package built with that patch showed the
> signature information successfully.

Did you have /etc/pki/nssdb in place or a personal Firefox profile when doing
the test?


More information about the Pkg-freedesktop-maintainers mailing list