[openssl-dev] [openssl.org #2612] Segfault protection in X509v3 extension API - PATCH

Richard Levitte via RT rt at openssl.org
Mon May 16 13:55:12 UTC 2016 

Old ticket, rejecting it. Those extension must be programmed correctly.

On Fri Sep 23 09:08:53 2011, nick.lewis at usa.g4s.com wrote:
> Please find attached below a revised patch that provides further
> protection against segmentation faults in the X509v3 extension API
>
> Best Regards
> Nick
>
> --------------------
>
> diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
> index 3146218..094861e 100755
> --- a/crypto/x509v3/v3_prn.c
> +++ b/crypto/x509v3/v3_prn.c
> @@ -118,7 +118,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION
> *ext, unsigned long flag, int inde
> return unknown_ext_print(out, ext, flag, indent, 0);
> p = ext->value->data;
> if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value-
> >length, ASN1_ITEM_ptr(method->it));
> - else ext_str = method->d2i(NULL, &p, ext->value->length);
> + else if(method->d2i) ext_str = method->d2i(NULL, &p, ext-
> >value->length);
>
> if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
>
> @@ -158,7 +158,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION
> *ext, unsigned long flag, int inde
> sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
> if(value) OPENSSL_free(value);
> if(method->it) ASN1_item_free(ext_str,
> ASN1_ITEM_ptr(method->it));
> - else method->ext_free(ext_str);
> + else if (method->ext_free) method->ext_free(ext_str);
> return ok;
> }
>
>
>
>
>
> The details of this company are as follows:
> G4S Technology Limited, Registered Office: Challenge House,
> International Drive, Tewkesbury, Gloucestershire GL20 8UQ, Registered
> in England No. 2382338.
>
> This communication may contain information which is confidential,
> personal and/or privileged.
>
> It is for the exclusive use of the intended recipient(s).
> If you are not the intended recipient(s), please note that any
> distribution, forwarding, copying or use of this communication or the
> information in it is strictly prohibited.
>
> Any personal views expressed in this e-mail are those of the
> individual sender and the company does not endorse or accept
> responsibility for them.
>
> Prior to taking any action based upon this e-mail message, you should
> seek appropriate confirmation of its authenticity.
>
> This e-mail has been scanned for all viruses by MessageLabs.


--
Richard Levitte
levitte at openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2612
Please log in as guest with password guest if prompted

More information about the openssl-dev mailing list