Re: [openssl.org #2469] pkcs12 with "-info" segfaults if the optional macData is not present.

[Jim Studt via RT]

Perhaps the bomb.p12 got corrupted in transit? That looks a lot like feeding a 
non-ASN.1 file to openssl.

jim@rattus:~$ ls -l *.p12 ; md5sum *.p12
-rw-r--r-- 1 jim jim  718 Mar 13 12:57 bomb.p12
-rw-r--r-- 1 jim jim 1587 Mar 13 12:56 nomac.p12
41a2c4c8b8a78d906fd1ad7c14c06071  bomb.p12
7fe961d70f4520d6bd8359bfc657a449  nomac.p12

I just built 1.0.0d on a Debian squeeze machine and reran the tests with the 
same results.

I get the same problems and can see the same source error at line 650 in 
apps/pkcs12.c now.

The PKCS12 code I'm working with is improved now, attached to this message is a 
second pkcs12 file which also does not have a MAC, but is almost certainly a 
valid PKCS12 file. The password on nomac.p12 is "password".

Without fixing:

jim@rattus:~/openssl-1.0.0d/apps$ ./openssl pkcs12 -nomacver -in ~/bomb.p12 
-info
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter Import Password:
Segmentation fault

With fixing:

jim@rattus:~/openssl-1.0.0d/apps$ ./openssl pkcs12 -nomacver -in ~/bomb.p12 
-info
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter Import Password:
PKCS7 Data
Certificate bag
Bag Attributes: <No Attributes>
subject=/CN=core.studt.net
issuer=/CN=JimTest6
-----BEGIN CERTIFICATE-----
MIICYDCCAcmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhKaW1U
ZXN0NjAeFw0xMTAzMDYwMDAwMDBaFw0zODAxMTgwMDAwMDBaMBkxFzAVBgNVBAMT
DmNvcmUuc3R1ZHQubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNyG3l
N5hosB07sjxEGTv6Oq+HJ3wrD0JKO/pqejqvpuVmJQGDbHIXZz27lS3pqX552kwK
XXOLyg4ZDPX5VZtBVZ/Xqk47Lr6yqpud4nO5YNlFmC4b6ICNXSAI9RpuncLIz9aC
YwFmhkUjXI+1riqdH9sEKkE7C2q8UbuRXbLS8QIDAQABo4G9MIG6MB0GA1UdDgQW
BBRkDTNDYxEhM8upUSk/C5YeOEU9yzA7BgNVHSMENDAygBRu/B6FuCZvw8eudHki
yMDGV/bZyaEXpBUwEzERMA8GA1UEAxMISmltVGVzdDaCAQEwDwYDVR0PAQH/BAUD
AwegADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwLAYDVR0RBCUwI6IQ
Fg5jb3JlLnN0dWR0Lm5ldKIPFg1zYmkuc3R1ZHQubmV0MA0GCSqGSIb3DQEBBQUA
A4GBACQz9X7QwHaHUdpbFep7ssafO18O4mlKKRznxN4DgfDWBpm8Wp0Lrn5xFX4L
z5kzdVMOLD2kS+C9oVce4xw2qpO08DDLBZ5noI8gussxaCbsDLcmb9u7drmEzg4c
n7vZSXLKmhISehMqUz49kdDWLkA2QwW7ocClvpBA5nY6Zoq3
-----END CERTIFICATE-----


On Mar 13, 2011, at 12:18 PM, Ben Laurie via RT wrote:

> If I run
> 
> openssl pkcs12 -nomacver -in bomb.p12 -info
> 
> on 1.0.0-stable, I get
> 
> 1211807336:error:0D07209B:asn1 encoding routines:ASN1_get_object:too 
> long:asn1_lib.c:142:
> 1211807336:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object 
> header:tasn_dec.c:1306:
> 1211807336:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested 
> asn1 
> error:tasn_dec.c:831:
> 1211807336:error:0D08303A:asn1 encoding 
> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
> error:tasn_dec.c:751:Field=version, Type=PKCS12

> 

nomac.p12
Description: application/pkcs12