On Thu, May 08, 2014 at 09:16:16AM +0200, Jan-Benedict Glaw wrote:
> My coworker Sebastian discovered a glitch while playing with `pkitool'
> of OpenVPN's `easy-rsa'[1]. This was observed with Debian's
> libssl-1.0.1g-3: If input for a country name is longer than the
> expected two bytes, openssl will spit out an endless stream of
The below should fix it:
diff --git a/apps/req.c b/apps/req.c
index 316163f..41ed22c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1486,7 +1486,12 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,mval)) goto err;
ret=1;
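Review bot: The new early exit `if (batch || value) return 0;` leaves the function with a bare return, while the failure path two lines further down uses `goto err`. Use `goto err` here as well, or confirm that the err label does nothing beyond returning, so that both failure paths exit the same way. A one-line comment would also help, saying that in batch mode or with a preset value the input cannot change on retry, so jumping back to start would never terminate. Minor style point: the added lines write `if (` with a space while the surrounding code uses `if(`.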
@@ -1545,7 +1550,12 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
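Review bot: The six added lines here repeat the block from the previous hunk verbatim. Both call sites need the same decision (retry only when the input can actually change), so consider folding the `batch || value` test into a small helper next to req_check_len, so that a later change cannot fix one site and miss the other. It is also worth checking that the callers of both functions treat the 0 return as a hard failure, since in batch mode that return value is now what stops the run when a length check fails.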
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]