Hi All,

I'm not quite sure about this one and I would like to get some confirmation.

Assuming ASN1_primitive_new (in crypto/asn1/tasn_new.c) gets called with a NULL item (it), the utype variable will be set to -1 (V_ASN1_UNDEF) in line 339. The subsequent switch statement over utype does not handle V_ASN1_UNDEF so in this case we will end up in the default clause which dereferences the item pointer in line 367.

Since I do not understand enough of the code I don't have a patch for this one. I can only speculate that there was a mixup and that instead of setting utype to -1 it should have been set to V_ASN1_NULL, which is handled in the switch statement?

Regards,
Dominik

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
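
The control flow described in the message above, as an added example that is not part of the original post and is not OpenSSL source: a simplified C model in which a NULL item maps to -1, has no matching case, and reaches the default arm, where a guard rejects it before the item is read. All `m_`/`M_` names, the struct layouts and the field read in the default arm are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model, NOT OpenSSL code. Every name here is hypothetical. */
enum { M_UNDEF = -1,   /* mirrors the -1 (V_ASN1_UNDEF) mentioned in the post */
       M_NULL = 5, M_STRING = 12 };  /* constructed sample type codes */

typedef struct { int utype; int flags; } m_item;   /* stand-in for the item template */
typedef struct { int type;  int flags; } m_value;  /* stand-in for the new value */

/* Returns 1 on success, 0 on failure. */
int m_primitive_new(m_value **pval, const m_item *it)
{
    /* A NULL item yields -1 here, the step the post points at. */
    int utype = (it == NULL) ? M_UNDEF : it->utype;
    m_value *v;

    switch (utype) {
    case M_NULL:
        *pval = NULL;            /* this arm never reads the item */
        return 1;
    default:
        /* M_UNDEF has no case of its own, so a NULL item arrives here.
         * Guard before the first read through the pointer. */
        if (it == NULL) {
            *pval = NULL;
            return 0;
        }
        v = malloc(sizeof(*v));
        if (v == NULL)
            return 0;
        v->type = utype;
        v->flags = it->flags;    /* the read that faults when it is NULL and unguarded */
        *pval = v;
        return 1;
    }
}

/* NULL item: expect a clean failure instead of a crash. */
int m_demo_null_item(void)
{
    m_value *v = (m_value *)1;
    return m_primitive_new(&v, NULL) == 0 && v == NULL ? 0 : 1;
}

/* Non-NULL item with no dedicated case: default arm succeeds and copies flags. */
int m_demo_string_item(void)
{
    m_item it = { M_STRING, 7 };
    m_value *v = NULL;
    int ok = m_primitive_new(&v, &it) && v && v->type == M_STRING && v->flags == 7;
    free(v);
    return ok;
}
```
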