I was trying to create a certificate with an URI SAN using
p5-io-socket-ssl and got a segfault in

  perl -MIO::Socket::SSL::Utils -le 'CERT_create

I think it is a regression since the "Fix URI name constraints, allow
for URI's with no host part." change in
x509_constraints.c. x509_constraints_uri_host() is called from
x509_alt.c:v2i_GENERAL_NAME_ex() with NULL as hostpart which can not be

The diff below adds a check for NULL and fixed the issue for me.

Best regards

Anton Borowka

Index: lib/libcrypto/x509/x509_constraints.c
RCS file: /cvs/src/lib/libcrypto/x509/x509_constraints.c,v
retrieving revision 1.29
diff -u -p -r1.29 x509_constraints.c
--- lib/libcrypto/x509/x509_constraints.c	11 Nov 2022 12:02:34 -0000	1.29
+++ lib/libcrypto/x509/x509_constraints.c	27 Nov 2022 15:05:04 -0000
@@ -530,7 +530,8 @@ x509_constraints_uri_host(uint8_t *uri, 
 		 * we indicate that we have a URI with an empty
 		 * host part, and succeed.
-		*hostpart = strdup("");
+		if (hostpart != NULL)
+			*hostpart = strdup("");
 		return 1;
 	for (i = authority - uri; i < len; i++) {

Reply via email to