
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 83795
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: rad [...] netcraft.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Attachments
P_X509_get_crl_distribution_list_URI.patch



Subject: Segfault in P_X509_get_crl_distribution_points
Date: Wed, 06 Mar 2013 20:45:13 +0000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Robert Duncan <rad [...] netcraft.com>
Hi,

I've found a bug: running P_X509_get_crl_distribution_points on an X509 certificate with values in the CDP extension which do not have an ia5 string will cause a segmentation fault when accessed.

I've included a test case and a proposed patch which resolves the problem by only including GEN_URI strings.

Note that in the test case I have provided this returns 2 items (both of the URIs and not the DirName) rather than including all 3. I'm not necessarily convinced that this is the best option - I am open to a different approach.

--
Robert Duncan
Netcraft, 2 Belmont, Bath, UK
http://netcraft.com
Phone: +44 1225 580672 Fax: +44 1225 448600

Message body is not shown because sender requested not to inline it.
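The failure mode reported above, as an added example that is not the attached patch and not Net-SSLeay's code: a distribution point name is a tagged union, so the string member may only be read after the type tag says it holds a URI. The types and function names here are hypothetical stand-ins for OpenSSL's GENERAL_NAME; only the GEN_DIRNAME and GEN_URI tag values match OpenSSL's, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of OpenSSL's GENERAL_NAME tagged union (hypothetical
 * types); only the GEN_DIRNAME and GEN_URI tag values match OpenSSL's. */
enum { GEN_DIRNAME = 4, GEN_URI = 6 };

typedef struct { int length; const unsigned char *data; } ia5_string;
typedef struct { int entry_count; } dir_name;   /* not string-shaped */
typedef struct {
    int type;                       /* selects the valid union member */
    union { ia5_string *ia5; dir_name *dirn; } d;
} general_name;
#define IA5(s) { (int)(sizeof(s) - 1), (const unsigned char *)(s) }

/* Store up to max URI strings from names[] in out[]; return the count.
 * Without the type check, a GEN_DIRNAME entry would be read through d.ia5,
 * treating a dir_name as an ia5_string and dereferencing a bogus pointer. */
size_t collect_cdp_uris(const general_name *names, size_t n,
                        const char **out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < n && found < max; i++) {
        const general_name *gn = &names[i];
        if (gn->type != GEN_URI)    /* skip DirName and every other type */
            continue;
        if (!gn->d.ia5 || !gn->d.ia5->data || gn->d.ia5->length <= 0)
            continue;               /* skip empty or malformed entries */
        out[found++] = (const char *)gn->d.ia5->data;
    }
    return found;
}

/* Constructed sample shaped like the ticket's test case: URI, DirName, URI. */
size_t demo_collect(const char **out, size_t max)
{
    static ia5_string u1 = IA5("http://crl.example/one.crl");
    static ia5_string u2 = IA5("http://crl.example/two.crl");
    static dir_name dn = { 3 };
    general_name names[3];
    names[0].type = GEN_URI;     names[0].d.ia5  = &u1;
    names[1].type = GEN_DIRNAME; names[1].d.dirn = &dn;
    names[2].type = GEN_URI;     names[2].d.ia5  = &u2;
    return collect_cdp_uris(names, 3, out, max);
}

int main(void)
{
    const char *uris[3];
    size_t n = demo_collect(uris, 3);
    for (size_t i = 0; i < n; i++) puts(uris[i]);
    return 0;
}
```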

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 08:47:26 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hello Robert,

thanks for your patch.
When I test your patched code here, I get:
...
# Testing Net::SSLeay 1.52, Perl 5.016000, /usr/bin/perl
# OpenSSL version: 'OpenSSL 1.0.1e 11 Feb 2013'
# OpenSSL platform: 'platform: linux-elf'
...

t/local/32_x509_get_cert_info.t ........ 1/1247
# Failed test 'serial ASN1_INTEGER_get testcert_cdp.crt.pem'
# at t/local/32_x509_get_cert_info.t line 134.
# got: '-1'
# expected: '-8348367543329812679'

# Failed test 'EVP_PKEY_id'
# at t/local/32_x509_get_cert_info.t line 226.
# got: '6'
# expected: undef
# Looks like you failed 2 tests of 1247.

What platform(s) did you test your patch on?

Cheers.
--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 09:54:42 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi again,

actually this was due to some differences between 32 and 64 bit behaviour in Net::SSLeay::ASN1_INTEGER_get. This test is now deleted.

Cheers.

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 09:55:32 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Thanks, your patch is now in SVN 368.

Cheers.

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 7 Mar 2013 08:10:14 +0000
To: "bug-Net-SSLeay [...] rt.cpan.org" <bug-Net-SSLeay [...] rt.cpan.org>
From: Robert Duncan <rad [...] netcraft.com>
Patch was tested on 64-bit RHEL5. (OpenSSL 0.9.8). EVP_PKEY_id is not available in this version of openssl, so that may explain the lack of the property in the dump.

I note that you have included the changes to t/local/32_x509_get_cert_info.t but not included the pen/pem_dump in SVN. Presumably adding EVP_PKEY_id => 6 would be sufficient for it to pass?

Thanks,

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 18:38:17 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi Robert,

On Thursday, March 07, 2013 03:10:30 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=83795 >
>
> Patch was tested on 64-bit RHEL5. (OpenSSL 0.9.8). EVP_PKEY_id is not
> available in this version of openssl, so that may explain the lack of the
> property in the dump.
>
> I note that you have included the changes to
> t/local/32_x509_get_cert_info.t but not included the pen/pem_dump in SVN.
> Presumably adding EVP_PKEY_id => 6 would be sufficient for it to pass?

Oops I left your new files out of svn. Added.
You may notice that I have regenerated the dump file locally and the id is now there.

Cheers.

From: dsteinbrunner [...] pobox.com
On Thu Mar 07 03:38:39 2013, mikem@open.com.au wrote:
> Oops I left your new files out of svn. Added.
> You may notice that I have regenerated the dump file locally and the
> id is now there.

Should this ticket be closed?

Yes. Closed.

