Hello all

"Unchecked return from gmtime in ASN1 time set routine can cause core dump on 
Windows"

I found this problem when debugging 'nmake test' for Net::SSLeay.

openssl is called:
        openssl.exe req 
                -config examples/req.conf 
                -x509 
                -days 36500 
                -new 
                -keyout examples/key.pem

Those hundred years in the -days argument seem to be too much for Windows. The 
time value t in the 
        ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
function (in crypto/asn1/a_utctm.c:192) runs over into the negative 
(0xf954fcaf). 
The subsequent call to
        ts=gmtime(&t);
returns a NULL pointer.

This pointer doesn't get checked and the following call to
        sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
                ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
dumps core. (Well, the system croaks up an 'access violation')

I recommend checking the return from gmtime and using an error exit on NULL.


Stack trace:
ASN1_UTCTIME_set(asn1_string_st * 0x008b0d70, long 0xf954fcaf) line 260 + 3 bytes
X509_time_adj(asn1_string_st * 0x008b0d70, long 0xbbf81e00, long * 0x00000000) line 657 + 22 bytes
X509_gmtime_adj(asn1_string_st * 0x008b0d70, long 0xbbf81e00) line 645 + 15 bytes
req_main(int 0x00000000, char * * 0x00892a88) line 725 + 30 bytes
do_cmd(lhash_st * 0x008adbf8, int 0x00000009, char * * 0x00892a64) line 236 + 14 bytes
main(int 0x00000009, char * * 0x00892a64) line 155 + 20 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e97d08()

My system:
Windows 2000 SP2 on Intel Pentium
Compiler Visual C++ V6 SP4

openssl version -a :
OpenSSL 0.9.6g 9 Aug 2002
built on: Wed Aug 14 13:54:34 2002
platform: VC-WIN32
options:  bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) 
blowfish(idx)
compiler: cl  /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN 
-DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32 /MTd -DBN_ASM -DMD5_ASM -DSHA1_ASM 
-DRMD160_ASM /Fdout32dll


Thanks for your work!
Marcel Bucher
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
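
The check recommended in the report, as an added example (not part of the original message and not OpenSSL's code). The helper names add_secs_32 and utctime_format are hypothetical, NOW_SECS is derived from the two values in the stack trace, and the NULL case assumes a 64-bit time_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Values from the stack trace above: the offset passed to X509_gmtime_adj
 * and the wrapped time value that reached ASN1_UTCTIME_set. */
#define OFFSET_SECS 0xbbf81e00u                /* 36500 days * 86400 s */
#define WRAPPED_T   0xf954fcafu
#define NOW_SECS    (WRAPPED_T - OFFSET_SECS)  /* derived: clock at report time */

/* Overflow-checked add for a signed 32-bit time value (hypothetical helper).
 * Returns 0 and stores the sum, or -1 if the sum does not fit. */
int add_secs_32(int32_t now, int64_t offset, int32_t *out)
{
    int64_t sum = (int64_t)now + offset;
    if (sum < INT32_MIN || sum > INT32_MAX)
        return -1;
    *out = (int32_t)sum;
    return 0;
}

/* Format t as ASN.1 UTCTime "YYMMDDHHMMSSZ" (hypothetical helper).
 * Returns 0 on success, -1 if gmtime() fails or buf is too small. */
int utctime_format(char *buf, size_t len, time_t t)
{
    struct tm *ts = gmtime(&t);
    if (ts == NULL)               /* the check the report asks for */
        return -1;
    int n = snprintf(buf, len, "%02d%02d%02d%02d%02d%02dZ",
                     ts->tm_year % 100, ts->tm_mon + 1, ts->tm_mday,
                     ts->tm_hour, ts->tm_min, ts->tm_sec);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char buf[16];
    int32_t t32;
    if (add_secs_32((int32_t)NOW_SECS, OFFSET_SECS, &t32) != 0)
        puts("offset overflows a 32-bit time value: rejected before gmtime()");
    /* Assumes 64-bit time_t: a year that overflows int makes gmtime() return NULL. */
    if (utctime_format(buf, sizeof buf, (time_t)INT64_MAX) != 0)
        puts("gmtime() returned NULL: error return instead of a crash");
    if (utctime_format(buf, sizeof buf, (time_t)NOW_SECS) == 0)
        puts(buf);
    return 0;
}
```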
