On Fri, May 07, 2010, David Woodhouse wrote: > With OpenSSL 0.9.8n this test program segfaults the second time it tries > to parse the PKCS#12 file. It was fixed for OpenSSL 1.0.0 by this > commit: http://cvs.openssl.org/chngview?cn=17957 > > Starting program: /home/dwmw2/p12test .cert/certificate.p12 > Enter PKCS#12 passphrase: > 140737353934504:error:23076071:PKCS12 routines:PKCS12_parse:mac verify > failure:p12_kiss.c:121: > Parse PKCS#12 failed (wrong passphrase?) > Enter PKCS#12 passphrase: > > Program received signal SIGSEGV, Segmentation fault. > __libc_free (mem=0x31) at malloc.c:3709 > 3709 if (chunk_is_mmapped(p)) /* release mmapped > memory. */ > (gdb) bt > #0 __libc_free (mem=0x31) at malloc.c:3709 > #1 0x0000000000417d5d in CRYPTO_free () > #2 0x000000000044396d in ASN1_STRING_free () > #3 0x000000000043f2cd in ASN1_primitive_free () > #4 0x000000000043f69f in ASN1_template_free () > #5 0x000000000043f586 in asn1_item_combine_free () > #6 0x000000000043f6d5 in ASN1_item_free () > #7 0x000000000042e2b4 in sk_pop_free () > #8 0x000000000045d643 in PKCS12_parse () > #9 0x0000000000401c69 in main () > > My dirty workaround for now is just to add a deliberate memory leak in > my application just before the 'goto retry': > #if OPENSSL_VERSION_NUMBER < 0x10000002 > ca = sk_X509_new_null(); > #endif > > Any better suggestions? >
Setting ca to NULL if it fails should work. That should be done in PKCS12_parse() on error. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org