Mats Nilsson wrote:
Hi[OpenSSL-0.9.7i, Windows XP, sp2] While hacking limited support for CMS compression on top of OpenSSL, I accidentally sent a BER encoded CMS file (using compression) into SMIME_read_PKCS7, which caused an access violation somewhere in: [Visual studio 6 stack dump] mime_param_cmp(const MIME_PARAM * const * 0x00439888, const MIME_PARAM * const * 0x004398e0) line 658 + 20 bytes MSVCRT! 77c36ff7() sk_find(stack_st * 0x004375e8, char * 0x0012f8ec) line 226 + 23 bytes SMIME_read_PKCS7(bio_st * 0x0040557c, bio_st * * 0x00437418) line 256 + 19 bytes Apparently, it "found" some bizarre headers in the binary stream, but was unable to search for a content-type header. Also using the command line, I managed to induce a similar crash: openssl smime -verify -in bash.compressed where 'bash.compressed' is the BER encoded compressed test file (a compressed 'bash' binary in a CMS envelope). Available upon request.
could you send me the data as I was unable to reproduce this problem with arbitrary data. Do you have the same problem with newer openssl version ? Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
