
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 60392
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: SAMV [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.36
Fixed in: (no value)



Subject: X509_NAME_get_text_by_NID - doesn't check success
Noticed this when trying to retrieve fields which do not exist on the certificate, eg with debugperl you get: panic: sv_setpvn called with negative strlen at ... Without debugperl you might just get a segfault. --- SSLeay.xs~ 2010-01-30 20:34:13.000000000 +0000 +++ SSLeay.xs 2010-08-16 15:11:24.944118967 +0100 @@ -1531,11 +1531,12 @@ CODE: ST(0) = sv_newmortal(); /* Undefined to start with */ length = X509_NAME_get_text_by_NID(name, nid, NULL, 0); - - New(0, buf, length+1, char); - if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)) - sv_setpvn( ST(0), buf, length); - Safefree(buf); + if (length>=0) { + New(0, buf, length+1, char); + if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0) + sv_setpvn( ST(0), buf, length); + Safefree(buf); + } X509 * X509_STORE_CTX_get_current_cert(x509_store_ctx)
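Review bot: in the inner `if`, the return value of the second X509_NAME_get_text_by_NID call is only compared against 0 and then thrown away, while sv_setpvn still takes `length` from the first, sizing call. Storing the second return value in a local (a hypothetical `ret`, say) and passing that to sv_setpvn would keep the SV length tied to what was actually written into buf. The outer `length>=0` guard does keep New() and sv_setpvn from seeing the negative result the report describes for a field missing from the certificate, and ST(0) then stays undefined as the existing comment says; a short comment on that guard, or a line in the POD, would tell callers to expect undef in that case.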
Thanks for the patch. Now fixed in SVN

