#760 Tpsclient Failure on F20 and TPS
Closed: Fixed None Opened 9 years ago by jmagne.

When trying to perform a simple format operation with tpsclient agains a TPS server running on F20, there is an assertion that causes the program to exit before completion of the requested operation.

This problem appears to be isolated to tpsclient itself because the problem can be easily reproduced by running this tpsclient against any other known working TPS, even a tps running RHCS TPS.

Here is a trace of the output when the problem occurs:

Output> RA_Token::VerifyMAC: Begins==== apdu type =11
Output> RA_Token::VerifyMAC: no mac? ok
Output> * msg = msg_type=10&pdu_data=%90%00&pdu_size=2 ***
Output> sending chunk ----- 2b

Output> RA_Token::VerifyMAC: Begins==== apdu type =21
Output> RA_Token::VerifyMAC: no mac? ok
tpsclient: /builddir/build/BUILD/pki-tps-10.1.0/base/tps/src/main/Buffer.cpp:180: Buffer Buffer::substr(unsigned int, unsigned int) const: Assertion `i < len && (i+n) <= len' failed.
Aborted (core dumped)

Here is a sample of a tpsclient script file that triggered the problem:

op=var_set name=ra_host value=localhost
op=var_set name=ra_port value=7988
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=40906145C76224192D2B msn=0120304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_format uid=john pwd=1234 new_pin=netscape num_threads=1

Although the failure was cause from providing an invalid 'msn' value (7 digits instead of 8 digits), this patch will supply a default value of 'FFFFFFFF' instead of crashing.

Checked into 'master':

  • e54785c33474061241caffa67e0880b38f4314fc

Metadata Update from @jmagne:
- Issue assigned to mharmsen
- Issue set to the milestone: 10.1 - 10/13 (October)

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.