"Götz Babin-Ebell via RT" wrote:
Oups.
It seems I didn't mention the OpenSSL version:
0.9.6c / 0.9.7 (snap from 28.05.2002)
Sorry...
> Hello folks,
>
> there seems to be a bug in pkcs12/p12_kiss.c:
>
> PKCS12_parse():
>
> if you enter the function with an allocated
> ca stack and the parse fails,
> the ca stack will be deallocated and the pointer not cleared.
[...]
> [...]
> int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509
> **cert,
> STACK_OF(X509) **ca)
> {
> int freeca=0;
> /* Check for NULL PKCS12 structure */
>
> if(!p12) {
>
> PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
> return 0;
> }
>
> /* Allocate stack for ca certificates if needed */
> if ((ca != NULL) && (*ca == NULL)) {
> if (!(*ca = sk_X509_new_null())) {
>
> PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
> return 0;
> }
> freeca=1;
> }
> [...]
> err:
>
> if (pkey && *pkey) EVP_PKEY_free(*pkey);
> if (cert && *cert) X509_free(*cert);
> if (ca && freeca) sk_X509_pop_free(*ca, X509_free);
> return 0;
> [...]
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
