"Götz Babin-Ebell via RT" wrote:
Oups. It seems I didn't mention the OpenSSL version: 0.9.6c / 0.9.7 (snap from 28.05.2002) Sorry... > Hello folks, > > there seems to be a bug in pkcs12/p12_kiss.c: > > PKCS12_parse(): > > if you enter the function with an allocated > ca stack and the parse fails, > the ca stack will be deallocated and the pointer not cleared. [...] > [...] > int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 > **cert, > STACK_OF(X509) **ca) > { > int freeca=0; > /* Check for NULL PKCS12 structure */ > > if(!p12) { > > PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); > return 0; > } > > /* Allocate stack for ca certificates if needed */ > if ((ca != NULL) && (*ca == NULL)) { > if (!(*ca = sk_X509_new_null())) { > > PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); > return 0; > } > freeca=1; > } > [...] > err: > > if (pkey && *pkey) EVP_PKEY_free(*pkey); > if (cert && *cert) X509_free(*cert); > if (ca && freeca) sk_X509_pop_free(*ca, X509_free); > return 0; > [...] Bye Goetz -- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]