Package: xca
Version: 1.0.0-1
Severity: important
Tags: upstream patch

Viewing the attached certificate causes a segmentation fault.

It was discovered by Red Hat and a fix was provided by upstream.

Steps to reproduce:

1. $ xca crash_cert.pem
2. select the certificate
3. click on 'Details'

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.1-05396-g5a81495 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xca depends on:
ii  libc6        2.19-11
ii  libgcc1      1:4.9.1-18
ii  libltdl7     2.4.2-1.11
ii  libqtcore4   4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtgui4    4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libssl1.0.0  1.0.1j-1
ii  libstdc++6   4.9.1-18

xca recommends no packages.

xca suggests no packages.

-- no debconf information
-----BEGIN CERTIFICATE-----
MIIDijCCAvOgAwIBAgIIEdZ7XJQ2IbcwDQYJKoZIhvcNAQEFBQAwRTEkMCIGA1UE
AwwbZ3JpbWxvY2sudXNlcnN5cy5yZWRoYXQuY29tMQswCQYDVQQGEwJVUzEQMA4G
A1UEBwwHUmFsZWlnaDAeFw0xNDEwMDcwMDAwMDBaFw0xNTEwMDcwMDAwMDBaMCsx
KTAnBgNVBAMTIDhhOGQwMTM4NDhlYmE0Y2YwMTQ4ZjE4OTIwYzEyMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfe/f1S6jx2lpa1bcx5sJFtisGuu
rzesvpEu5a1T4mCBHJRlr4Mt71Gue0UIOw6/L/mEY0jL+Kdwe8OUjNZRl/qfaskF
7ZnHcnXZdgJqgj+7o5o3y9MWmxB0USwK01EJUW9tq4ARtpApwsSQhI/QKVrluVrc
L9GjSmLYsJjtbwhR9YYNTQxOn3mSlR4BQopcD5BYGRaAw+HuZ9H/UwZAYUjc40Cn
deqVSc1ScjT0c9GPFoIDNKHzEsbyQvJFKsDK/jyXjCo/g+T0eZ4H3/JdiOodCftG
5OCx60EyaIgpQbOaZN1xDsR3gnCj70KCS/o+5v2HcSye/K6CTJae8yeh1QIDAQAB
o4IBFzCCARMwEQYJYIZIAYb4QgEBBAQDAgWgMAsGA1UdDwQEAwIEsDB1BgNVHSME
bjBsgBRAHnNP0Fb5JqlSy2HFxl7mfBFKR6FJpEcwRTEkMCIGA1UEAwwbZ3JpbWxv
Y2sudXNlcnN5cy5yZWRoYXQuY29tMQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFs
ZWlnaIIJAKlZPqrbqDYUMB0GA1UdDgQWBBTcN6+nh8DNApF3bZtxVuNbya+lqTAT
BgNVHSUEDDAKBggrBgEFBQcDAjASBgkrBgEEAZIICQYEBQwDMy4yMDIGCSsGAQQB
kggJBwQlBCN42stLLUstYkjLz2dIzClPrCxmKEgsyWAAAFuNB6MEdy8J4DANBgkq
hkiG9w0BAQUFAAOBgQAFsBDLgvHyRAMsDcji7ngL+phIgxmZQdByrTokAKoHwbg7
9LuXddnIrdl+VYRHgyQliputtoR2hCulhcOkslz+4JSl/5DS8XRJkJp3QBS/EQmg
YOdwywzCLmhNr4H4zOrEEAB5RGMklD28+pfNGOW9bo6crQmyiI5Ms5aKRgU3kg==
-----END CERTIFICATE-----
-----BEGIN ENTITLEMENT DATA-----
eJzFVl1vmzAU/SvIz6ExHwmEt2bS9pKpk9KnVVV1gRuKCjY1drsoyn/fNdAm/Uja
rZ0WRQL7Xt9zzj2WzYZlUrSmRsUSxmOIZtMJd7mH6IYQ+e5sxkM3XmV+lHvhLI1D
NmK3BoQu9Zol3oi1Jm0zVTa6lIIlG9beGKoE99jKGmXrtqjuqPiICaiRIqd9xDlb
Ossu5MyNyCvMKeUelChFwZKAU2GZ3aBuWeKPWA0CCqxRaJZoZZCitLbM0CJWeIcV
Vf6hsC5NTXX0urFQCxtwArbdjphUuZW4YcLUaSe2m3HjaTQJ+OypKouuQREY87kX
uh51JDrnPOn+PykZRd4HJ68EqaNaQWaXT2gIWSaNZc48Pwg8L6CHx4hTo2RuMivx
YsNKWzCI+HSy69WXyrQaFbXEmZeUN2LUr7ZrNPNOuK2tsutSY6aNQluHnS4W7LKn
0HXrggapApFfDU05W7KHmQFlbgeYO4ed2Y72+PGjXj6nOT3x3kVzAPCDyc6/dWfm
gDWkulg3el00BUUqSDvjH0LduE9w+4w78klaszW22h1G1HjQ1zQ5Xkk57t6toZBa
qckKqhZ7xk+oUsEroywcZdeoIQcNV/irKRXR448t4gf4C9qMyh1g3AfhOxGH4u+U
MO7W/5mQZ4vHfc9eaJvynTo/CN/wR8hj5gj5/5zx6Hec/CHa/4rvzgCaGx9n7x+g
rqEoXt1QLwLv3UlQ3cO6/Vsl/ephLym8NaSDDh8ouoXnp9+sB/Tw2eX2cv9gifYO
loWE3JlDBSL72OH35OSK9wBAFeh8LSt0lqZppNKfBRLtQJbXQNqdpZaKbq/PApjt
AL4/XosfKU7DRsrKXo4dSAxxzr0gDmNMIcxWdAPat0kQ0jdAlALdp78B0f6a3w==
-----END ENTITLEMENT DATA-----
-----BEGIN RSA SIGNATURE-----
XE/XmJw1QvUa+yZkAKq8yFy389X0S6bFUi5Nf8BuTeyQDVf/i+5w2Q6h7zrVjlrs
rutlGjXNKRD2wr0z9IMvvfg56FjWYtmW7Em04npXY546+S3jumskfBhpnMMLI1O9
0lG50MQuBFOY6e4hjrO5uTCrWjXCvXqJ8cvbHV68J0o=
-----END RSA SIGNATURE-----
>From 0baa9173eac0ebe568539e892792921b9ecf7279 Mon Sep 17 00:00:00 2001
From: Christian Hohnstaedt <[email protected]>
Date: Mon, 17 Nov 2014 16:15:42 +0100
Subject: [PATCH] RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate

...in X509V3_EXT_get v3_lib.c:15

Fix the x509v3ext copy constructor
---
 lib/x509v3ext.cpp |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
index d94cbda..87bfc63 100644
--- a/lib/x509v3ext.cpp
+++ b/lib/x509v3ext.cpp
@@ -26,10 +26,9 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
 
 x509v3ext::x509v3ext(const x509v3ext &n)
 {
-	ext = NULL;
-	if (!n.isValid())
-		return;
-	set(n.ext);
+	ext = X509_EXTENSION_new();
+	if (n.ext && n.ext->value && n.ext->value->length > 0)
+		set(n.ext);
 }
 
 x509v3ext::~x509v3ext()
-- 
1.7.2.5

Reply via email to