Greetings,
I have identified an OpenSSL crash. I have no idea whether it is exploitable in any way (maybe I should be posting this publicly?). The crash seems isolated to OpenSSL 0.9.8x (0.9.8d is also affected). To reproduce just execute: openssl pkcs12 -export -chain ânokeys <any_string_not_really_required> ^D On my Gentoo install I get a: *** glibc detected **** free(): invalid pointer: 0xb7ddd838 *** Having compiled it from source on Gentoo (though using the official ebuild) I went ahead and tried Fedora -- it results in a Segmentation Fault, and it also crashes Sunshineâs Win32 distribution⦠I have been unable to reproduce it on 0.9.7d. Thanks, Alexander Ivantchev "Tumbleweed E-mail Firewall <tumbleweed.com>" made the following annotations on 12/19/06, 07:53:35 ------------------------------------------------------------------------------ === Tumbleweed Communications Disclaimer === This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. ============================================================================== ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
