openssl 0.9.8r, 1.0.0c
ocsp_req_find_signer doesn't check the returned signer value. If the
signer is NULL, the sequence of
    EVP_PKEY *skey;
    skey = X509_get_pubkey(signer);
    ret = OCSP_REQUEST_verify(req, skey);
in OCSP_request_verify leads to core dump.
--- ocsp_vfy.c 2008-11-05 19:36:45.000000000 +0100
+++ ocsp_vfy.c.1 2011-07-13 15:58:51.192277300 +0200
@@ -430,8 +430,11 @@
if(!(flags & OCSP_NOINTERN))
{
signer = X509_find_by_subject(req->optionalSignature->certs, nm);
- *psigner = signer;
- return 1;
+ if(signer)
+ {
+ *psigner = signer;
+ return 1;
+ }
}
signer = X509_find_by_subject(certs, nm);
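Review bot: the fall-through lookup at the end of this hunk, `signer = X509_find_by_subject(certs, nm);`, can return NULL just like the first one, and the hunk does not show that result being checked before it is stored in `*psigner` or a success value is returned. The new `if(signer)` guard only covers the lookup in `req->optionalSignature->certs`, and when `OCSP_NOINTERN` is set that block is skipped entirely, so the second lookup is the only one that runs. Please confirm that the code following this hunk returns a failure value when the second lookup finds nothing. It would also be worth adding a NULL check on `signer` in the caller before `X509_get_pubkey(signer)`, so that the crash described in the message cannot recur if another path leaves it unset.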
Thanks,
-cipo
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]