Can you get openssl req to crash after rebuilding libcrypto with the
below?
Maybe, but not with that config / command anymore ;-)
Index: x509/x509_alt.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_alt.c,v
retrieving revision 1.5
diff -u -p -r1.5 x509_alt.c
--- x509/x509_alt.c 28 Oct 2021 10:58:23 -0000 1.5
+++ x509/x509_alt.c 9 Feb 2022 15:30:03 -0000
@@ -649,6 +649,8 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, c
}
ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+ if (ret == NULL)
+ return NULL;
/* Validate what we have for sanity */
type = x509_constraints_general_to_bytes(ret, &bytes, &len);
@@ -686,7 +688,8 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, c
}
return ret;
err:
- GENERAL_NAME_free(ret);
+ if (out == NULL)
+ GENERAL_NAME_free(ret);
return NULL;
}
