On Mon, Aug 01, 2005 at 02:32:50AM -0700, Dirk-Willem van Gulik wrote:
> Ok, found the problem; turns out that if OpenSSL does not have the
> extension hardcoded in its objects.c (from objects.txt in crypto/objects,
> compiled by an objects.pl perl script) then X509V3_EXT_print() does not do
> anything sensible with that string unless the flag
> X509V3_EXT_PARSE_UNKNOWN or X509V3_EXT_DUMP_UNKNOWN is passed. (And Martin's
> code does then sensibly ignore it.)
>
> But once you pass either of these flags it then yields a string which is
> not properly terminated - hence making it possible for a bad cert to
> segfault the server. Plus the format is in any case not usable for any
> proper access control.

The fix for the lack of NUL-termination is to use apr_pstrmemdup; that 
part of ssl_ext_lookup() wasn't successfully copied and pasted, though.

But if OpenSSL doesn't know a printable representation for the 
particular extension you care about then I'd guess the best fix is to 
add such support to OpenSSL not to try and fudge round it in mod_ssl?

joe
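The bug and the fix described in this exchange, as an added example that is not mod_ssl's or OpenSSL's own code. To compile stand-alone it does not link OpenSSL or APR: `struct mem_bio` is a hypothetical stand-in for a `BIO_s_mem()` buffer, `ext_dump_unknown()` stands in for `X509V3_EXT_print()` under `X509V3_EXT_DUMP_UNKNOWN` (the hex layout is illustrative, not OpenSSL's exact output), and `ext_value_dup()` does with `malloc` what `apr_pstrmemdup()` does from a pool. The function names and the DER bytes are constructed for the example.

```c
/* Added example (not mod_ssl's or OpenSSL's code): models the bug from the
 * thread without linking OpenSSL or APR, so it compiles stand-alone.
 * A memory BIO hands back a (pointer, length) pair with no terminating NUL;
 * treating that pointer as a C string (strlen, strdup, apr_pstrdup) reads
 * past the written bytes.  The fix mirrors apr_pstrmemdup(p, buf, len):
 * copy exactly len bytes and append the NUL yourself. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a BIO_s_mem() buffer: grows as text is written
 * and, like the real thing, never appends a terminator. */
struct mem_bio { char *data; size_t len; size_t cap; };

static void mem_bio_init(struct mem_bio *b) { b->data = NULL; b->len = b->cap = 0; }
static void mem_bio_free(struct mem_bio *b) { free(b->data); mem_bio_init(b); }

static int mem_bio_write(struct mem_bio *b, const char *buf, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap < b->len + n) ncap *= 2;
        char *nd = realloc(b->data, ncap);
        if (!nd) return -1;
        b->data = nd;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, buf, n);
    b->len += n;
    return 0;
}

/* Stand-in for X509V3_EXT_print() under X509V3_EXT_DUMP_UNKNOWN, which
 * hex-dumps the raw DER value of an extension OpenSSL has no printer for.
 * Assumption: the "AA:BB:CC" layout is illustrative, not OpenSSL's exact
 * output.  Note the result is an opaque hex blob, which is why the thread
 * calls it unusable for access control decisions. */
static int ext_dump_unknown(struct mem_bio *b, const unsigned char *der, size_t n)
{
    char hex[4];
    for (size_t i = 0; i < n; i++) {
        int k = snprintf(hex, sizeof hex, "%02X%s", der[i], i + 1 < n ? ":" : "");
        if (mem_bio_write(b, hex, (size_t)k) < 0) return 0;
    }
    return 1;
}

/* The fix from the reply: duplicate exactly b->len bytes and terminate, as
 * apr_pstrmemdup() does (malloc here instead of an APR pool). */
static char *ext_value_dup(const struct mem_bio *b)
{
    char *s = malloc(b->len + 1);
    if (!s) return NULL;
    if (b->len) memcpy(s, b->data, b->len);
    s[b->len] = '\0';
    return s;
}

/* Analogue of the ssl_ext_lookup() path for an extension OpenSSL cannot
 * decode: render it into the mem BIO, hand back a NUL-terminated copy.
 * Caller frees; NULL on allocation failure. */
char *ext_lookup_value(const unsigned char *der, size_t der_len)
{
    struct mem_bio b;
    char *out = NULL;
    mem_bio_init(&b);
    if (ext_dump_unknown(&b, der, der_len))
        out = ext_value_dup(&b);
    mem_bio_free(&b);
    return out;
}

/* Demonstrates why the raw BIO pointer must not be used as a C string.
 * The spare capacity after the written bytes is filled with 'A' (still inside
 * the allocation, so this stays defined behaviour); strlen() walks into it
 * and reports a length larger than b->len.  In the real bug the bytes after
 * the buffer are whatever the heap holds next, and a certificate chosen by
 * the peer decides how far the read runs. */
size_t raw_strlen_overrun(void)
{
    struct mem_bio b;
    mem_bio_init(&b);
    mem_bio_write(&b, "hello", 5);              /* len 5, cap 16, no NUL */
    memset(b.data + b.len, 'A', b.cap - b.len); /* garbage after the text */
    b.data[b.cap - 1] = '\0';                   /* keep strlen inside our block */
    size_t n = strlen(b.data);                  /* 15, not 5 */
    mem_bio_free(&b);
    return n;
}

int main(void)
{
    /* Constructed DER value for the example: SEQUENCE { INTEGER 5 } */
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    char *v = ext_lookup_value(der, sizeof der);
    printf("terminated copy: \"%s\" (%zu bytes)\n", v, strlen(v));
    printf("strlen on raw BIO data: %zu (wrote 5)\n", raw_strlen_overrun());
    free(v);
    return 0;
}
```

Against the real APIs the same shape is `n = BIO_get_mem_data(bio, &data)` followed by `apr_pstrmemdup(p, data, n)`; the length returned alongside the pointer is the only thing bounding the copy, so any helper that takes the pointer without the length is the defect the reply points at.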
