> Hello Dr. Henson,
>
> It seems that OpenSSL overwrites allocated memory -
> maybe memory allocated for 32-Bit and used with 64-Bit?

I've found the error. :-)

The problem is the following:

In file a_mbstr.c, in function ASN1_mbstring_ncopy, there are the following calls:

    /* Work out how much space the destination will need */
    switch(outform) {
    .......
    case MBSTRING_UTF8:
        outlen = 0;
        traverse_string(in, len, inform, out_utf8, &outlen);
        cpyfunc = cpy_utf8;
        break;
    }
    if(!(p = OPENSSL_malloc(outlen + 1))) {
        if(free_out) ASN1_STRING_free(dest);
        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
        return -1;
    }

After traverse_string, outlen is set to "0", and in the following malloc p gets only
1 byte. I iterated through traverse_string and found that outlen should be 32. I
tested p=OPENSSL_malloc(32 + 1) and voila - no segmentation faults, no picket-fence
error left.

I suggest changing the type of outlen in ASN1_mbstring_ncopy from int to long (see
also: out_utf8 in a_mbstr.c):

- int outform, outlen;
+ int outform;
+ long outlen;
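
Review bot: at the new `long outlen;` declaration nothing records why the type matters, and the mismatch was only found at run time, so add a comment that outlen is written through `&outlen` by the traverse_string callbacks (out_utf8 here) and must have the type they use. Also confirm that the cases elided from the switch and the unchanged `OPENSSL_malloc(outlen + 1)` behave correctly with a long, for example by rejecting a negative or oversized outlen before allocating.
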
That's it.
Best regards,
Stephan Collet
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
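
Added example, not part of the original message and not OpenSSL code: a memcpy-based model of the mismatch described above, where a callback updates its counter as a long while the caller declared an int. count_cb, walk, the frame[] layout and the sample string are constructed stand-ins.

```c
#include <stdio.h>
#include <string.h>
/* Callback shaped like out_utf8 as the message describes it: the counter comes
 * in as void * and is used as a long (memcpy keeps this model free of UB). */
static int count_cb(unsigned long ch, void *arg)
{
    long n;
    memcpy(&n, arg, sizeof n);   /* reads sizeof(long) bytes */
    n += (ch < 0x80) ? 1 : 2;    /* UTF-8 length for code points below 0x800 */
    memcpy(arg, &n, sizeof n);   /* writes sizeof(long) bytes */
    return 1;
}

/* Hypothetical stand-in for traverse_string(): one callback per input byte. */
static void walk(const char *s, int (*cb)(unsigned long, void *), void *arg)
{
    for (; *s; s++)
        cb((unsigned char)*s, arg);
}

/* Caller that believes the counter is an int. frame[] models that int plus
 * the bytes stored after it; *spilled reports whether those were written. */
static int count_with_int(const char *s, int *spilled)
{
    unsigned char frame[sizeof(long)] = {0};
    int outlen;
    size_t i;
    walk(s, count_cb, frame);
    memcpy(&outlen, frame, sizeof outlen);  /* what the caller reads back */
    for (*spilled = 0, i = sizeof(int); i < sizeof(long); i++)
        *spilled |= frame[i] != 0;
    return outlen;
}

/* Caller whose counter type matches the callback, as the patch proposes. */
static long count_with_long(const char *s)
{
    long outlen = 0;
    walk(s, count_cb, &outlen);
    return outlen;
}

int main(void)
{
    const char *s = "0123456789abcdef0123456789abcdef"; /* constructed, 32 bytes */
    int spilled, seen = count_with_int(s, &spilled);
    printf("int: %d spilled=%d, long: %ld\n", seen, spilled, count_with_long(s));
    return 0;
}
```

Where long is wider than int, a little-endian build reads back the right count by accident, while a big-endian build reads 0 and the count lands in the bytes after the int.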