RE: X509_NAME_ENTRY_set_data bug triggered by X509_NAME_ENTRY_create_by_NID called with V_ASN1_APP_CHOOSE

Mark E. Schoneman Thu, 16 Mar 2000 06:15:04 -0800

I don't know about the bug part, but when I converted from 0.9.4 to 0.9.5
replacing V_ASN1_APP_CHOOSE
with the return from ASN1_PRINTABLE_type made my code happy.

                                                                Mark S.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Korver
Sent: Monday, March 13, 2000 8:45 PM
To: [EMAIL PROTECTED]
Subject: X509_NAME_ENTRY_set_data bug triggered by
X509_NAME_ENTRY_create_by_NID called with V_ASN1_APP_CHOOSE


I believe there is a X509_NAME_ENTRY_set_data() bug in 0.9.5 that is
triggered by X509_NAME_ENTRY_create_by_NID() when called with
'type' set to V_ASN1_APP_CHOOSE.

Here's the diff between 0.9.4 and 0.9.5 for X509_NAME_ENTRY_set_data():

    int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                 unsigned char *bytes, int len)


            int i;

            if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
    +       if(type & MBSTRING_FLAG)
    +               return ASN1_STRING_set_by_NID(&ne->value, bytes,
    +                                               len, type,
    +                                       OBJ_obj2nid(ne->object)) ? 1 :
0;
            if (len < 0) len=strlen((char *)bytes);
            i=ASN1_STRING_set(ne->value,bytes,len);
            if (!i) return(0);
    [snip]

However, when X509_NAME_ENTRY_create_by_NID() is called with 'type'
set to V_ASN1_APP_CHOOSE (which has the value -2), 'type' in
X509_NAME_ENTRY_set_data() is -2.  Of course, since -2 is 0xfffffffe
and MBSTRING_FLAG is 0x1000, the comparison 'type & MBSTRING_FLAG'
evaluates to true and ASN1_STRING_set_by_NID() is called.

When ASN1_STRING_set_by_NID() calls ASN1_mbstring_copy(), 'inform'
is 'type' (still -2), but ASN1_mbstring_copy() expects 'inform'
to be one of the MBSTRING types (0x1001 .. 0x1004).  Thus, the
following error is thrown in ASN1_mbstring_ncopy():

    ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);



brian
[EMAIL PROTECTED]      (play)
[EMAIL PROTECTED]  (work)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: X509_NAME_ENTRY_set_data bug triggered by X509_NAME_ENTRY_create_by_NID called with V_ASN1_APP_CHOOSE

Reply via email to
