OpenSSL version:  0.9.8o

You can see line 659 of apps/pkcs12.c blindly dereferences a possibly null 
pointer.
Attached are a bomb.p12 file, which will let you exercise the bug, and a patch 
that fixes it.

Warning: bomb.p12 may or may not be a valid PKCS12 file; it is early output 
from new software, but it will trip this bug and pass openssl's remaining 
processing.

Before fixing the bug you will get this...

$ openssl pkcs12 -nomacver -in bomb.p12 -info
Enter Import Password:  <no password, hit enter>
Segmentation fault

After fixing the bug you will get this...

$ openssl pkcs12 -nomacver -in bomb.p12 -info
Enter Import Password:  <no password, hit enter>
PKCS7 Data
Certificate bag
Bag Attributes: <No Attributes>
subject=/CN=core.studt.net
issuer=/CN=JimTest6
-----BEGIN CERTIFICATE-----
MIICYDCCAcmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhKaW1U
...

Attachment: pkcs12.patch
Description: Binary data

Attachment: bomb.p12
Description: application/pkcs12
