On Tue, Mar 26, 2002 at 02:53:22PM +0100, Maas-Maarten Zeeman wrote:
> I discovered a small bug in X509_check_private_key.
>
> EVP_PKEY *X509_get_pubkey(X509 *x)
>         {
>         if ((x == NULL) || (x->cert_info == NULL))
>                 return(NULL);
>         return(X509_PUBKEY_get(x->cert_info->key));
>         }
>
> int X509_check_private_key(X509 *x, EVP_PKEY *k)
>         {
>         EVP_PKEY *xk=NULL;
>         int ok=0;
>
> -->     xk=X509_get_pubkey(x);   <--- the problem
>         if (xk->type != k->type)
>             {
>
> If this function is called with x set to NULL, it will crash, because
> xk is not checked for NULLs.

Handling of NULL pointers is not consistent within OpenSSL.
Finally it comes down to a different point: calling X509_check_private_key()
with x=NULL is not allowed. It is as buggy as calling any function with
an invalid argument: it may crash.

Please don't take this as an offense. I simply want to say that we are
aware that we cannot handle all thinkable cases of incorrect usage of the
API. We can (and probably will) fix the issue you just pointed out, but
I am sure that you will find many more of these cases, if you start
searching :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
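
A self-contained model of the missing check discussed in this thread, added here as an example; it is not code from either post or from OpenSSL. The MODEL_* types, the model_* functions, the sample objects and the -1 return code are assumptions of this sketch, and only the type comparison visible in the quoted fragment is modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types for this example only: they mirror the fields the quoted
 * code touches and are NOT OpenSSL's real definitions. */
typedef struct { int type; } MODEL_PKEY;
typedef struct { MODEL_PKEY *key; } MODEL_CINF;
typedef struct { MODEL_CINF *cert_info; } MODEL_X509;

/* Constructed sample objects; the type ids are arbitrary. */
static MODEL_PKEY key_a = { 1 }, key_b = { 2 };
static MODEL_CINF info_a = { &key_a }, info_empty = { NULL };
static MODEL_X509 cert_a = { &info_a };
static MODEL_X509 cert_no_info = { NULL };
static MODEL_X509 cert_no_key = { &info_empty };

/* Same shape as the quoted X509_get_pubkey(): NULL in, NULL out. */
static MODEL_PKEY *model_get_pubkey(MODEL_X509 *x)
{
    if (x == NULL || x->cert_info == NULL)
        return NULL;
    return x->cert_info->key;
}

/* Checked variant: 1 = types match, 0 = mismatch,
 * -1 = invalid argument or certificate without a public key. */
static int model_check_private_key(MODEL_X509 *x, MODEL_PKEY *k)
{
    MODEL_PKEY *xk;

    if (k == NULL)
        return -1;
    xk = model_get_pubkey(x);
    if (xk == NULL)          /* the check missing in the quoted code */
        return -1;
    return (xk->type == k->type) ? 1 : 0;
}

int main(void)
{
    printf("NULL cert      -> %d\n", model_check_private_key(NULL, &key_a));
    printf("no cert_info   -> %d\n", model_check_private_key(&cert_no_info, &key_a));
    printf("no public key  -> %d\n", model_check_private_key(&cert_no_key, &key_a));
    printf("NULL key       -> %d\n", model_check_private_key(&cert_a, NULL));
    printf("type mismatch  -> %d\n", model_check_private_key(&cert_a, &key_b));
    printf("matching types -> %d\n", model_check_private_key(&cert_a, &key_a));
    return 0;
}
```

Returning a distinct error value keeps "bad argument" separate from "keys do not match", so a caller cannot mistake a NULL certificate for a failed key check.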