Our QA found a scenario where openssl req is crashing,
this is tracked in https://bugzilla.novell.com/show_bug.cgi?id=430141
It seems a non-asn1 converted string is passed into ASN1_TYPE_set1.
We applied the patch attached.
Ciao, Marcus
Index: openssl-0.9.8h/crypto/x509/x509_att.c
================================================================================
--- openssl-0.9.8h/crypto/x509/x509_att.c
+++ openssl-0.9.8h/crypto/x509/x509_att.c
@@ -305,7 +305,7 @@
if(!(ttmp = ASN1_TYPE_new())) goto err;
if (len == -1)
{
- if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ if (!ASN1_TYPE_set1(ttmp, attrtype, stmp))
goto err;
}
else
