[openssl.org #2516] [PATCH] Infinite loop in apps/req.c if batch mode

Scott Schaefer via RT Sun, 15 May 2011 05:43:56 -0700

This patch prevents an infinite loop in apps/req.c when run in batch 
mode and user parameter fails req_len_check().


Affects all versions; applies against revision in CVS as of May 14 2011

Originally reported as Debian Bug 404700

diff --git a/apps/req.c b/apps/req.c
--- a/apps/req.c
+++ b/apps/req.c
@@ -1490,7 +1490,13 @@
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, n_min, n_max)) goto start;
+	if (!req_check_len(i, n_min, n_max))
+		{
+		if (!batch)
+			goto start;
+		else
+			return 0;
+		}
 	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
 				(unsigned char *) buf, -1,-1,mval)) goto err;
 	ret=1;
@@ -1549,7 +1555,13 @@
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, n_min, n_max)) goto start;
+	if (!req_check_len(i, n_min, n_max))
+		{
+		if (!batch)
+			goto start;
+		else
+			return 0;
+		}
 
 	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
 					(unsigned char *)buf, -1)) {

[openssl.org #2516] [PATCH] Infinite loop in apps/req.c if batch mode

Reply via email to