Certutil process is continuously running and not returning when creating new NSS DB #558

Hi, I am trying to create new NSS DB by running following command using popen and reading the output. Please find below code snippet. The below code is getting stuck after cout "Before closing Pipe" in catch block. ``` char c_abuffer[128]; CString c_strFinalCmd, strResult; c_strFinalCmd = " certutil -N -d sql:/platform/tmp/.pki/nssdb --empty-password 2>&1 "; try{ pipe = popen(c_strFinalCmd.c_str(), "r"); //Below fgets throwing exception internally - error "basic_string::append " with type "St12length_error" while(fgets(c_abuffer, sizeof c_abuffer, pipe) != NULL) strResult += c_abuffer; cout<<"Success .. "<<endl; } catch(exception& e) { if(pipe) { cout<<"Before closing pipe"<<endl; pclose(pipe); } cout<<"ExecuteCommand failed"<<endl; throw; } ``` After checking the processes running, saw that certutil is running continuously and not returning. ps -ef | grep certutil root 2933 2234 0 Nov10 ? 00:00:00 sh -c certutil -N -d sql:/platform/tmp/.pki/nssdb --empty-password 2>&1 root 2943 2933 89 Nov10 ? **01:05:50** certutil -N -d sql:/platform/tmp/.pki/nssdb --empty-password root 6715 21209 0 13:13 ttyS2 00:00:00 grep certutil **Below is the gdb output of certutil -** #0 0xf7714b39 in __kernel_vsyscall () #1 0xf737a033 in __open_nocancel () at ../sysdeps/unix/syscall-template.S:81 #2 0xf730cab7 in __GI__IO_file_open (fp=0x80cda00, filename=0x8072674 "/dev/tty", posix_mode=0, prot=438, read_write=8, is32not64=1) at fileops.c:227 #3 0xf730cc59 in _IO_new_file_fopen (fp=0x80cda00, filename=0x8072674 "/dev/tty", mode=<optimized out>, is32not64=1) at fileops.c:332 #4 0xf73016c1 in __fopen_internal (filename=0x8072674 "/dev/tty", mode=0x8060eaf "r", is32=1) at iofopen.c:90 #5 0xf730172e in _IO_new_fopen (filename=0x8072674 "/dev/tty", mode=0x8060eaf "r") at iofopen.c:103 #6 0x08058305 in ?? () #7 0x08058699 in SECU_GetModulePassword () #8 0x08058a89 in ?? () #9 0x080536bb in ?? () #10 0x0804f15a in ?? () #11 0xf72b7efe in __libc_start_main (main=0x804f130, argc=5, argv=0xffdda0e4, init=0x805f890, fini=0x805f8f0, rtld_fini=0xf7724820 <_dl_fini>, stack_end=0xffdda0dc) at libc-start.c:287 #12 0x0804f197 in ?? () (gdb) detach Detaching from program: /usr/bin/certutil, process 3278 (gdb) quit **Below is the strace output of certutil, coming continously -** write(2, "Invalid password. Try again.\n", 30) = -1 EPIPE (Broken pipe) --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=2943, si_uid=0} --- open("/dev/tty", O_RDONLY) = -1 ENXIO (No such device or address) write(2, "Error opening input terminal for"..., 38) = -1 EPIPE (Broken pipe) --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=2943, si_uid=0} --- gettimeofday({1699704735, 608686}, NULL) = 0 write(2, "Invalid password. Try again.\n", 30) = -1 EPIPE (Broken pipe) **When i tried to open FD 2 - below messages are coming , endless** Error opening input terminal for read Invalid password. Try again. Please let me know why certutil command is not returning. Thanks