NetBSD Problem Report #39767
From ws@solfrank.net Sun Oct 19 09:15:26 2008
Return-Path: <ws@solfrank.net>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 6358663B93C
for <gnats-bugs@gnats.NetBSD.org>; Sun, 19 Oct 2008 09:15:26 +0000 (UTC)
Message-Id: <20081019091522.E9709853B8@ws.solfrank.net>
Date: Sun, 19 Oct 2008 11:15:22 +0200 (MEST)
From: Wolfgang@solfrank.net
Reply-To: Wolfgang@solfrank.net
To: gnats-bugs@gnats.NetBSD.org
Subject: openssl pkcs12 dumps core
X-Send-Pr-Version: 3.95
>Number: 39767
>Category: security
>Synopsis: openssl pkcs12 dumps core
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: security-officer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 19 09:20:00 +0000 2008
>Closed-Date: Sat Oct 25 12:21:59 +0000 2008
>Last-Modified: Sat Oct 25 12:21:59 +0000 2008
>Originator: Wolfgang Solfrank
>Release: NetBSD 4.99.72
>Organization:
NetBSD
>Environment:
System: NetBSD ws.solfrank.net 4.99.72 NetBSD 4.99.72 (ws) #18: Wed Sep 24 21:29:44 MEST 2008 ws@ws.solfrank.net:/src/obj/sys/arch/amd64/compile/ws amd64
Architecture: x86_64
Machine: amd64
>Description:
Trying to generate a pfx file from a certificate and a key
with a friendly name dumps core.
>How-To-Repeat:
openssl pkcs12 -in me.pem -inkey me.key -out me.pfx -export -name Me
It seems that with the last import of openssl the semantics of
the last argument to the routine PKCS12_add_friendlyname being -1
changed. While previously it meant that the routine would find the
length of the second argument, the C string name, by itself, it
now means that the second argument isn't a C string, but an ASN1
string.
The problem is that the pkcs12 code wasn't adapted to this change
in semantics.
>Fix:
Index: crypto/dist/openssl/crypto/pkcs12/p12_crt.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/openssl/crypto/pkcs12/p12_crt.c,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 p12_crt.c
--- crypto/dist/openssl/crypto/pkcs12/p12_crt.c 25 Nov 2005 03:06:46 -0000 1.1.1.5
+++ crypto/dist/openssl/crypto/pkcs12/p12_crt.c 19 Oct 2008 09:13:43 -0000
@@ -101,7 +101,7 @@
if (cert)
{
bag = PKCS12_add_cert(&bags, cert);
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
+ if(name && !PKCS12_add_friendlyname(bag, name, strlen(name)))
goto err;
if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
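Review bot: strlen(name) in the changed PKCS12_add_friendlyname call yields a size_t, while the argument it replaces was the int literal -1, so the length is narrowed implicitly at this call. Make the conversion explicit and bounded, for example by rejecting a name longer than INT_MAX before the call, and confirm that p12_crt.c already includes <string.h>, since this patch adds no include.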
@@ -137,7 +137,7 @@
goto err;
}
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
+ if(name && !PKCS12_add_friendlyname(bag, name, strlen(name)))
goto err;
if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
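Review bot: the changed PKCS12_add_friendlyname call in this hunk repeats the caller-side edit from the hunk at line 101, so the fix only holds if every caller is found. Any other caller that still passes -1 as the length keeps the crashing behaviour. Either audit the remaining callers in the same change or handle the -1 length inside the callee so the existing call sites stay valid.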
>Release-Note:
>Audit-Trail:
From: Wolfgang Solfrank <Wolfgang@Solfrank.net>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: security/39767: openssl pkcs12 dumps core
Date: Mon, 20 Oct 2008 12:39:47 +0200
Hi,
today I had a look at the current openssl sources. There they fixed this
bug differently, by in part reverting the change that made a length argument
of -1 special. Their diff can be found at:
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
Hope it helps.
Ciao,
Wolfgang
--
Wolfgang@Solfrank.net
From: Adrian Portelli <adrianp@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39767 CVS commit: pkgsrc/security/openssl
Date: Sat, 25 Oct 2008 12:03:36 +0000 (UTC)
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 25 12:03:36 UTC 2008
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
OpenSSL is not JOBS_SAFE
Pull in a fix from the OpenSSL CVS:
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
To generate a diff of this commit:
cvs rdiff -r1.135 -r1.136 pkgsrc/security/openssl/Makefile
cvs rdiff -r1.63 -r1.64 pkgsrc/security/openssl/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Adrian Portelli <adrianp@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39767 CVS commit: src/crypto/dist/openssl/crypto/x509
Date: Sat, 25 Oct 2008 12:11:47 +0000 (UTC)
Module Name: src
Committed By: adrianp
Date: Sat Oct 25 12:11:47 UTC 2008
Modified Files:
src/crypto/dist/openssl/crypto/x509: x509_att.c
Log Message:
Pull in a fix from the OpenSSL CVS:
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
To generate a diff of this commit:
cvs rdiff -r1.1.1.4 -r1.2 src/crypto/dist/openssl/crypto/x509/x509_att.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: adrianp@NetBSD.org
State-Changed-When: Sat, 25 Oct 2008 12:21:59 +0000
State-Changed-Why:
Changes committed to HEAD and pkgsrc - thanks for the PR!
>Unformatted: