Package: openssl Version: 0.9.8g-14 Severity: normal
The openssl command line tool sometimes segfaults when a IPv6 address is given as SubjectAltName in an X.509_v3 extension. Steps to reproduce: copy the attached files into the same directory and issue openssl req -config ssl.conf -new -key privkey.pem -out newreq.pem valgrind: ==19593== Process terminating with default action of signal 11 (SIGSEGV) ==19593== Access not within mapped region at address 0x491BD0C ==19593== at 0x4024A30: memcpy (mc_replace_strmem.c:402) ==19593== by 0x415FFBA: ASN1_STRING_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8) ==19593== by 0x414955A: ASN1_OCTET_STRING_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8) ==19593== by 0x4177A05: a2i_IPADDRESS (in /usr/lib/i686/cmov/libcrypto.so.0.9.8) ==19593== by 0x4178887: v2i_GENERAL_NAME_ex (in /usr/lib/i686/cmov/libcrypto.so.0.9.8) ==19593== by 0x4178B7A: v2i_GENERAL_NAME (in /usr/lib/i686/cmov/libcrypto.so.0.9.8) -- System Information: Debian Release: lenny/sid APT prefers stable APT policy: (990, 'stable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.25-2-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openssl depends on: ii libc6 2.7-16 GNU C Library: Shared libraries ii libssl0.9.8 0.9.8g-14 SSL shared libraries ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime openssl recommends no packages. -- no debconf information
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAuWOV1YaPCfjSxRIg6nJGfI9NZWEu6YJXzXqa+05+4UH8vbD+ Zcz6RjjQ+QnV4xXYNr7kSoBqCBnIby9Ntd6kcUV7gwF3t8W9vyAkMI2W3W+hEyHn b9VYnAHVCq7BTQNn74opvuxzvt6pjvE0OKh949tlQt/I5+tqCicc0N5TtXBH0G3L TBgMtBiEcdSFEBiclkhZZk19/EAeGVthYwy3sX8oB5CXDJPXd8DyUCmcSlFuJieh ei4mdJvr/oFnPDAQR51Dw5eqENjsmt4xs0jfWd5mciOtjFb0BZ6AEtY2pzTHT1Zg 2DnZUz4XI40TTBA0nWmIR8zYfHlJ7e4YKahQ7wIDAQABAoIBAEhcImORfcs6n6nk BYz8xZ5goKjtYc4q3fKJ5Gwqm0N46hlwOBusAhPeoVJTEHTuVdIoeBrMPJak2aLs J7zRBgZgRHFB5WSJfiJXfUimOzh7FbfOB/OSpl9eJ7VfuHtC1RKeLuUijZr2deAh LWzf9yM0wzVy+4vqSx1jXs/3t1ydqJKiiU0eAWJsNfEZO/XjF3NQJ13+d4w3sSE/ payI/s6gB7lR42OVDB7Pw5hE1WVAx/DqGITEv56k2GOyWlknVpUD1b00OSDDR4yo NnECIX55w7qmfL+icP4HOqgKl16ezRqZqKLM/jaxxgGKp4Ffvj+Ql6udynz1rKe3 0WAkeoECgYEA3dNQVP8fEZkwjSPsk6KwKe/NaHWbli8m7ll6KbdcBo8A+pCLoMKe PuvOSJNnEO+PcA0iJGBabjpD2/9BJvBGDunesjTRtsXzfZaSWQPJlo+MEM8ipa2F P0Sn+adnylUwJr1gd9Y4wqpBpkz7yfc/1q23e3wktT8gepPOChMekxECgYEA1fM8 fKtLD1tM69efMhYweILGu8wWh1bGBzA9YVdlzMzWbEzuLVty21H72J0XRh6b6S83 6erRUFpTBzmMkgFb5Z74oFvftQi4b3Uv1WQIU417Q7LVkBNZKmamdKcvf/avXQX7 zWvzYz45CoZrFg0LnfQHzfv//Di9325Blx2Qo/8CgYEA01G4qJA2J8y47Ow5Ntf4 XKsfEpFfe+5FdzD0aQNNfs4Cz7Cd47Mjj6uSY59Qw1iEW+mXCfJkk7eb59u+VHr3 MsPnK/uXgTgI4y5rErPB+lWbyHObfRvV4VTldLbe8GjBK1ajrOX+QqxxSBz0jQ2m 2ju5nMDCM4wEw+FEmmJmcRECgYBgP9PHVhwnZXB+bPtOQhM+M78J/y9nZU8jLr1+ TB4c+02/XQCNYSWTqxc8hLdSsTR8u+RQlHXjyy6tAmPNz1SzQUgihBJo0+p9IeAK BL2GMRDyDMLs1Pd5DsL1mbzRuX18wNNdv6G31Oc+Z+hG/ElsnrrgHO01X6VznZte S0ulqwKBgAaz5nlPeJkHHcbSzNW28s0VfTujFf5aFeS/8yfp3V64N2ooswTQkr6y ZCwonGSsY4RhF1EoaK+UUhJI8kVnu62XXm5eKXFZUG2q/VM7ULLS4Bqsm3hPrhPH H8D3MNEEIIs7R0m7Xtnw9Pm+WAcf5G4sc0YpvakHVCZNsiMLvd4A -----END RSA PRIVATE KEY-----
RANDFILE =$ENV::HOME/.rnd [policy_match] organizationName = match [req] distinguished_name = req_distinguished_name x509_extensions = v3_ca [req_distinguished_name] countryName = US countryName_value = US countryName_default = US commonName = Common Name (eg, YOUR name) commonName_value = commonName organizationName = Organisation organizationName_value= org [v3_ca] basicConstraints = critical, CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always keyUsage = digitalSignature, nonRepudiation, keyEncipherment, keyAgreement subjectAltName = IP:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA
