Package: xca Version: 1.0.0-1 Severity: important Tags: upstream patch Viewing the attached certificate causes a segmentation fault.
It was discovered by Red Hat and a fix was provided by upstream. Steps to reproduce: 1. $ xca crash_cert.pem 2. select the certificate 3. click on 'Details' -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.1-05396-g5a81495 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages xca depends on: ii libc6 2.19-11 ii libgcc1 1:4.9.1-18 ii libltdl7 2.4.2-1.11 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libssl1.0.0 1.0.1j-1 ii libstdc++6 4.9.1-18 xca recommends no packages. xca suggests no packages. -- no debconf information
-----BEGIN CERTIFICATE----- MIIDijCCAvOgAwIBAgIIEdZ7XJQ2IbcwDQYJKoZIhvcNAQEFBQAwRTEkMCIGA1UE AwwbZ3JpbWxvY2sudXNlcnN5cy5yZWRoYXQuY29tMQswCQYDVQQGEwJVUzEQMA4G A1UEBwwHUmFsZWlnaDAeFw0xNDEwMDcwMDAwMDBaFw0xNTEwMDcwMDAwMDBaMCsx KTAnBgNVBAMTIDhhOGQwMTM4NDhlYmE0Y2YwMTQ4ZjE4OTIwYzEyMzUwMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfe/f1S6jx2lpa1bcx5sJFtisGuu rzesvpEu5a1T4mCBHJRlr4Mt71Gue0UIOw6/L/mEY0jL+Kdwe8OUjNZRl/qfaskF 7ZnHcnXZdgJqgj+7o5o3y9MWmxB0USwK01EJUW9tq4ARtpApwsSQhI/QKVrluVrc L9GjSmLYsJjtbwhR9YYNTQxOn3mSlR4BQopcD5BYGRaAw+HuZ9H/UwZAYUjc40Cn deqVSc1ScjT0c9GPFoIDNKHzEsbyQvJFKsDK/jyXjCo/g+T0eZ4H3/JdiOodCftG 5OCx60EyaIgpQbOaZN1xDsR3gnCj70KCS/o+5v2HcSye/K6CTJae8yeh1QIDAQAB o4IBFzCCARMwEQYJYIZIAYb4QgEBBAQDAgWgMAsGA1UdDwQEAwIEsDB1BgNVHSME bjBsgBRAHnNP0Fb5JqlSy2HFxl7mfBFKR6FJpEcwRTEkMCIGA1UEAwwbZ3JpbWxv Y2sudXNlcnN5cy5yZWRoYXQuY29tMQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFs ZWlnaIIJAKlZPqrbqDYUMB0GA1UdDgQWBBTcN6+nh8DNApF3bZtxVuNbya+lqTAT BgNVHSUEDDAKBggrBgEFBQcDAjASBgkrBgEEAZIICQYEBQwDMy4yMDIGCSsGAQQB kggJBwQlBCN42stLLUstYkjLz2dIzClPrCxmKEgsyWAAAFuNB6MEdy8J4DANBgkq hkiG9w0BAQUFAAOBgQAFsBDLgvHyRAMsDcji7ngL+phIgxmZQdByrTokAKoHwbg7 9LuXddnIrdl+VYRHgyQliputtoR2hCulhcOkslz+4JSl/5DS8XRJkJp3QBS/EQmg YOdwywzCLmhNr4H4zOrEEAB5RGMklD28+pfNGOW9bo6crQmyiI5Ms5aKRgU3kg== -----END CERTIFICATE----- -----BEGIN ENTITLEMENT DATA----- eJzFVl1vmzAU/SvIz6ExHwmEt2bS9pKpk9KnVVV1gRuKCjY1drsoyn/fNdAm/Uja rZ0WRQL7Xt9zzj2WzYZlUrSmRsUSxmOIZtMJd7mH6IYQ+e5sxkM3XmV+lHvhLI1D NmK3BoQu9Zol3oi1Jm0zVTa6lIIlG9beGKoE99jKGmXrtqjuqPiICaiRIqd9xDlb Ossu5MyNyCvMKeUelChFwZKAU2GZ3aBuWeKPWA0CCqxRaJZoZZCitLbM0CJWeIcV Vf6hsC5NTXX0urFQCxtwArbdjphUuZW4YcLUaSe2m3HjaTQJ+OypKouuQREY87kX uh51JDrnPOn+PykZRd4HJ68EqaNaQWaXT2gIWSaNZc48Pwg8L6CHx4hTo2RuMivx YsNKWzCI+HSy69WXyrQaFbXEmZeUN2LUr7ZrNPNOuK2tsutSY6aNQluHnS4W7LKn 0HXrggapApFfDU05W7KHmQFlbgeYO4ed2Y72+PGjXj6nOT3x3kVzAPCDyc6/dWfm gDWkulg3el00BUUqSDvjH0LduE9w+4w78klaszW22h1G1HjQ1zQ5Xkk57t6toZBa qckKqhZ7xk+oUsEroywcZdeoIQcNV/irKRXR448t4gf4C9qMyh1g3AfhOxGH4u+U MO7W/5mQZ4vHfc9eaJvynTo/CN/wR8hj5gj5/5zx6Hec/CHa/4rvzgCaGx9n7x+g rqEoXt1QLwLv3UlQ3cO6/Vsl/ephLym8NaSDDh8ouoXnp9+sB/Tw2eX2cv9gifYO loWE3JlDBSL72OH35OSK9wBAFeh8LSt0lqZppNKfBRLtQJbXQNqdpZaKbq/PApjt AL4/XosfKU7DRsrKXo4dSAxxzr0gDmNMIcxWdAPat0kQ0jdAlALdp78B0f6a3w== -----END ENTITLEMENT DATA----- -----BEGIN RSA SIGNATURE----- XE/XmJw1QvUa+yZkAKq8yFy389X0S6bFUi5Nf8BuTeyQDVf/i+5w2Q6h7zrVjlrs rutlGjXNKRD2wr0z9IMvvfg56FjWYtmW7Em04npXY546+S3jumskfBhpnMMLI1O9 0lG50MQuBFOY6e4hjrO5uTCrWjXCvXqJ8cvbHV68J0o= -----END RSA SIGNATURE-----
>From 0baa9173eac0ebe568539e892792921b9ecf7279 Mon Sep 17 00:00:00 2001 From: Christian Hohnstaedt <[email protected]> Date: Mon, 17 Nov 2014 16:15:42 +0100 Subject: [PATCH] RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate ...in X509V3_EXT_get v3_lib.c:15 Fix the x509v3ext copy constructor --- lib/x509v3ext.cpp | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp index d94cbda..87bfc63 100644 --- a/lib/x509v3ext.cpp +++ b/lib/x509v3ext.cpp @@ -26,10 +26,9 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n) x509v3ext::x509v3ext(const x509v3ext &n) { - ext = NULL; - if (!n.isValid()) - return; - set(n.ext); + ext = X509_EXTENSION_new(); + if (n.ext && n.ext->value && n.ext->value->length > 0) + set(n.ext); } x509v3ext::~x509v3ext() -- 1.7.2.5

