We get a crash if we feed a cert with a CRL distribution point extension,
where the name is missing, into "openssl x509 -text ...".
The crash is caused by dereferencing a null pointer.
The spec (RFC 2459 (PKIX Cert and CRL Profile), section 4.2.1.14)
says the distribution point name is optional in the extension. The code
was not reflecting this, assuming it was always there.
Included below is a context diff of crypto/x509v3/v3_crld.c
and an example of an offending cert.
-jb
John Bowe
[EMAIL PROTECTED]
___________________________________________________________________
% diff -c v3_crld.c.orig v3_crld.c
*** v3_crld.c.orig Sun Jan 30 18:33:32 2000
--- v3_crld.c Wed May 24 12:43:25 2000
***************
*** 87,93 ****
int i;
for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
point = sk_DIST_POINT_value(crld, i);
! if(point->distpoint->fullname) {
exts = i2v_GENERAL_NAMES(NULL,
point->distpoint->fullname, exts);
}
--- 87,94 ----
int i;
for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
point = sk_DIST_POINT_value(crld, i);
! /* Note: each "field" is optional (see RFC 2459, 4.2.1.14) */
! if(point->distpoint && point->distpoint->fullname) {
exts = i2v_GENERAL_NAMES(NULL,
point->distpoint->fullname, exts);
}
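Review bot: The NULL guard on `point->distpoint` is written twice, here in `if(point->distpoint && point->distpoint->fullname)` and again in the RelativeName test of the second hunk, so a later edit could fix one and miss the other. Nesting both name checks inside a single `if(point->distpoint) { ... }` would keep the optional-field handling in one place. The added comment could also name the pointer it protects, e.g. `/* distributionPoint is OPTIONAL (RFC 2459, 4.2.1.14), so point->distpoint may be NULL */`. The enclosing function starts and ends outside the hunk.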
***************
*** 95,101 ****
X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
if(point->CRLissuer)
X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
! if(point->distpoint->relativename)
X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
}
return exts;
--- 96,102 ----
X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
if(point->CRLissuer)
X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
! if(point->distpoint && point->distpoint->relativename)
X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
}
return exts;
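Review bot: A distribution point that carries none of the optional fields now falls through every `if` in this loop and adds nothing to `exts`, so the text output gives no sign that the entry existed. This code prints certificates that may be malformed, so that case is worth making visible, for example by emitting a placeholder such as `X509V3_add_value("DistributionPoint","<EMPTY>", &exts);` when no value was added for a point. Whether the decoder accepts such an entry at all cannot be seen from this hunk, and the function begins outside it.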
___________________________________________________________________
Offending cert, crash.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----