In the sign() function in apps/x509.c there is code that is supposed to
copy the parameters from the supplied key to the certificate.
Unfortunately this code crashes if the key in the input certificate is
unrecognized or the X509_get_pubkey() call fails for another reason.

So at least the X509_get_pubkey() should be tested for NULL return.

But given the X509_set_pubkey() call later in the function - does it
really make sense to copy the parameters when they are overwritten
anyway? I suppose the code could be dropped altogether.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
