Hi OpenSSL,

We have an issue wherein our application crashes on a Windows system in OpenSSL code.

Windows version: Microsoft Windows Server 2008 R2 Standard
OpenSSL version: OpenSSL 9.8zf

Note: We have not modified any code in the 9.8zf version. Our application bundles OpenSSL binaries as DLLs and uses them to perform TLS and SSL operations.

We are seeing an issue while creating an X509 certificate object from a public key string. Here is a piece of code that can assist you:

******************************
    X509 *pubKey = NULL;
    if (publicKey.empty())
        return pubKey;

    BIO *bp = BIO_new(BIO_s_mem());
    BIO_write(bp, publicKey.data(), (int)publicKey.size());
    pubKey = X509_new();
    if (NULL != pubKey) {
        char *buf = new char[256];
        // Convert the PEM data into a certificate object
        if (!PEM_read_bio_X509(bp, &pubKey, 0, NULL)) {
            ....
******************************

The function PEM_read_bio_X509() is what is reported in the crash dump as the entry point to OpenSSL from our application. The crash dump is as below:

NULL_CLASS_PTR_READ
---------------------------------------------
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0441f934 72e7c9ea 72e9f232 00000006 02bc5d58 libeay32!OBJ_obj2nid+0x1c
0441f938 72e9f232 00000006 02bc5d58 00000001 libeay32!OBJ_obj2nid+0xa
0441f9bc 72e92ada 72e91bb7 02bfbe78 0441fa1c libeay32!X509_NAME_oneline+0x112
0441f9c0 72e91bb7 02bfbe78 0441fa1c 00000084 libeay32!ASN1_item_ex_d2i+0x7ba
0441f9dc 72e8c090 02b53a68 00000000 00000000 libeay32!asn1_ex_c2i+0x627
0441f9f4 72e92a2a 00000005 0441fb20 72eecd10 libeay32!X509_CINF_free+0x60
0441fa34 72e92e2b 00000100 0441fab0 00000000 libeay32!ASN1_item_ex_d2i+0x70a
0441fa80 72e8c149 0441fb20 0441fab0 000001c6 libeay32!ASN1_item_d2i+0x4b
0441fa94 72e9da35 0441fb20 0441fab0 000001c6 libeay32!d2i_X509+0x19
0441fab4 72e9d7b3 72e8c130 72eeff08 02c8e980 libeay32!PEM_ASN1_read_bio+0x65
0441fad0 73ec5cd0 02c8e980 0441fb20 00000000 libeay32!PEM_read_bio_X509+0x23
00000000 00000000 00000000 00000000 00000000 sockets!XXXXXXX::stringToPublic+0xe0
-----------------------------------------------

Our Inferences:

Our code works in most deployments and this crash is reported only by one user. We analyzed and observed that the user setup had more socket reads and writes during which the crash was occurring (using a resource monitoring tool). As it occurs seldom and intermittently, we wanted to know the cause and would request help from you. Our hunch is that it could be similar to the fix below, mentioned in the 9.8zh change log:

Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
.........
  *) PKCS7 crash with missing EnvelopedContent

     The PKCS#7 parsing code does not handle missing inner EncryptedContent
     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
     with missing content and trigger a NULL pointer dereference on parsing.

     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
     structures from untrusted sources are affected. OpenSSL clients and
     servers are not affected.
........

Any help from you is well appreciated. Let me know if you need more details like the core dump, etc.

Thanks in advance.

Regards,
Sharan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4582
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev