mtrojnar/osslsigncode

v2.8 regression: SIGSEGV in BIO_free

tim77 opened this issue · 2 comments

Description of problem:

SIGSEGV in BIO_free

Affected version: v2.8.
v2.7 does not crash.

Steps to Reproduce:

Test with a copy of a recent kernel:

$ file vmlinuz-1.bin
vmlinuz-1.bin: Linux kernel x86 boot executable bzImage, version 6.8.7-200.fc39.x86_64 (mockbuild@45dd5688efad44f5b0bb641c76b5468d) #1 SMP PREEMPT_DYNAMIC Wed Apr 17 19:35:11 UTC 2024, RO-rootFS, swap_dev 0XE, Normal VGA
$ osslsigncode extract-signature -in vmlinuz-1.bin -out vmlinuz-1.sig
Current PE checksum   : 00000000
Calculated PE checksum: 00E34572
Warning: invalid PE checksum

Corrupted attribute certificate table
Attribute certificate table size  : 00000D48
Attribute certificate entry length: 00000762

Unable to extract existing signature
Segmentation fault (core dumped)

Actual results:

Program received signal SIGSEGV, Segmentation fault.

Downstream bug report

Additional info

Spec file: https://src.fedoraproject.org/rpms/osslsigncode/blob/rawhide/f/osslsigncode.spec

Can you reproduce this issue against the current master branch?
I think 0a07617 should have fixed it.

Thanks, 0a07617 mostly likely fixed SIGSEGV in BIO_free issue. osslsigncode from master branch currently in testing and look like still have some sort of regression. But this safe to close i suppose.