Massimiliano Pala wrote:
>
> Hi,
>
> I probably found a bug in the ca.c program where it sorts the REVOKED
> certificate:
>
> sk_X509_REVOKED_sort(ci->revoked); /* Line 1400 ~ */
>
> the problem is related to the fact that with empty index.txt file the
> ci->revoked value is 0: this causes a segmentation fault. Fixing it
> can be done in two ways, one is checking for the ci->revoked value
> and, in case it is NULL, then we simply don't sort anything; the other
> is to check the sk_X509_REVOKED_sort (which I think points to sk_sort)
> and allow for NULL values to be passed.
As patching the ca for the first solution is very easy I am sending it
(I needed something fixing it right now so ... ). Let me know.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
--- ca.c Sat Jan 27 14:19:29 2001
+++ ca.new Sat Jan 27 14:16:58 2001
@@ -1397,13 +1397,15 @@
}
/* sort the data so it will be written in serial
* number order */
- sk_X509_REVOKED_sort(ci->revoked);
- for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
+ if ( ci->revoked )
{
- r=sk_X509_REVOKED_value(ci->revoked,i);
- r->sequence=i;
+ sk_X509_REVOKED_sort(ci->revoked);
+ for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
+ {
+ r=sk_X509_REVOKED_value(ci->revoked,i);
+ r->sequence=i;
+ }
}
-
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
if (md != NULL)
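Review bot: The added guard `if ( ci->revoked )` carries no comment saying when the list is NULL, so the reason for skipping the sort and the renumbering loop is not visible in the code. A short comment that an empty index.txt leaves ci->revoked unset would help the next reader. Writing the test as `if (ci->revoked != NULL)` would match the `if (md != NULL)` style in the trailing context. The hunk also deletes the blank line before `/* we now have a CRL */`, an unrelated whitespace change that is better left out of the fix.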