Massimiliano Pala wrote:
>
> Hi,
>
> i probably found a bug in the ca.c program where it sorts the REVOKED
> certificate:
>
> sk_X509_REVOKED_sort(ci->revoked); /* Line 1400 ~ */
>
> the problem is related to the fact that with empty index.txt file the
> ci->revoked value is 0: this causes a segmentation fault. Fixing it
> can be done in two ways, one is checking for the ci->revoked value
> and, in case it is NULL, then we simply don't sort anything; the other
> is to check the sk_X509_REVOKED_sort (wich I think points to sk_sort)
> and allow for NULL values to be passed.
>
> What is the best solution ? Let me know. I am not sending any patch
> right now because I am waiting for suggestions about where to fix.
>
Most stack functions can tolerate a NULL argument without crashing so
I'd say sk_sort() is the best place. I've checked in a fix.
Thanks for the report.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
