I believe that I have found a bug in the above file and would like for someone
else to santiy check it.
At line 290 in a_utctm.c, a separate code block is being used if the library
needs to call gmtime_r() to get the time structure. The value is stored in a
temporary (data) that is declared in this code block. The address of the
temporary is assigned to an "external" variable tm. This can cause some
memory corruption problems. The memory corruption would occur if the compiler
removes the memory allocated to the temporary after the code block is done. The
derefencing of tm a couple of lines later could result in a SIGSEGV because that
memory has been returned. The solution to this problem is to remove the code
block and declare struct tm data at the beginning of
ASN1_UTCTIME_cmp_time_t().
Darin Broady
[EMAIL PROTECTED]
Lexmark International, Inc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
