This bug seems to be present in both 0.9.7 and 0.9.8 branches.
The ASN1 NULL type is usually stored in the ASN1_TYPE structure in such a
way that value.ptr is a NULL pointer (except when ASN1_TYPE_set() was used).
But this breaks the ASN1_TYPE_get() function. The following simple program
(most error checking is omitted to keep the code short) demonstrates this bug:
---Cut here: 8<------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <openssl/asn1.h>

int main(void)
{
    ASN1_TYPE *a_type;
    ASN1_NULL *a_null;
    unsigned char *der;
    unsigned char *p;
    int der_len;

    /* Build an ASN1_TYPE holding NULL via ASN1_TYPE_set(); this is the
       case where value.ptr is not a NULL pointer. */
    a_type = ASN1_TYPE_new();
    a_null = ASN1_NULL_new();
    ASN1_TYPE_set(a_type, V_ASN1_NULL, a_null);
    assert(ASN1_TYPE_get(a_type) == V_ASN1_NULL);

    /* Encode to DER; an ASN.1 NULL is the two bytes 05 00. */
    der_len = i2d_ASN1_TYPE(a_type, NULL);
    p = der = malloc(der_len);
    i2d_ASN1_TYPE(a_type, &p);
    ASN1_TYPE_free(a_type);
    assert(der_len == 2);
    assert(memcmp(der, "\x05\x00", 2) == 0);

    /* Decode the same bytes back into a fresh ASN1_TYPE. */
    p = der;
    a_type = d2i_ASN1_TYPE(NULL, &p, der_len);
    free(der);
    assert(a_type != NULL);

    /* The following assertion fails because of OpenSSL bug: */
    assert(ASN1_TYPE_get(a_type) == V_ASN1_NULL);

    ASN1_TYPE_free(a_type);
    return 0;
}
---Cut here: 8<------------------------------------------------------
Perhaps ASN1_TYPE_get() should be rewritten to handle the condition
where (a->type == V_ASN1_NULL) specially?
--
Ville Hallik
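
The failure mode reported above, as a self-contained model that builds without OpenSSL. This is an added example, not code from the message or from the OpenSSL source: `struct any_value`, `decode_any()` and both getters are hypothetical stand-ins, and the pointer-only getter is an assumption about the behaviour that the failing assertion implies.

```c
#include <stddef.h>

/* Same numeric tag values as V_ASN1_OCTET_STRING and V_ASN1_NULL. */
#define TAG_OCTET_STRING 4
#define TAG_NULL         5

/* Hypothetical stand-in for ASN1_TYPE: a tag plus a pointer to the value. */
struct any_value {
    int type;
    const unsigned char *ptr;   /* content bytes; NULL when nothing is stored */
    size_t len;
};

/* Decode one short-form DER TLV (NULL or OCTET STRING only).
   Returns 0 on success, -1 on malformed or unsupported input. */
int decode_any(const unsigned char *der, size_t der_len, struct any_value *out)
{
    if (der == NULL || der_len < 2)
        return -1;
    if (der[0] != TAG_NULL && der[0] != TAG_OCTET_STRING)
        return -1;
    if ((der[1] & 0x80) || (size_t)der[1] != der_len - 2)
        return -1;                      /* long form or length mismatch */
    if (der[0] == TAG_NULL && der[1] != 0)
        return -1;                      /* NULL must have empty content */
    out->type = der[0];
    out->len = der[1];
    /* A decoded NULL carries no content, so no value pointer is stored. */
    out->ptr = (der[0] == TAG_NULL) ? NULL : der + 2;
    return 0;
}

/* Getter that treats a NULL value pointer as "no value present". */
int get_type_ptr_only(const struct any_value *a)
{
    return a->ptr != NULL ? a->type : 0;
}

/* Getter with the special case for the NULL type suggested in the message. */
int get_type_null_aware(const struct any_value *a)
{
    if (a->ptr != NULL || a->type == TAG_NULL)
        return a->type;
    return 0;
}
```

Callers that branch on the returned type to decide whether a field is absent or explicitly NULL see the two cases collapse under the pointer-only getter.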