On Sun, 2010-05-09 at 12:12 +0100, David Woodhouse wrote:
> Although that's OK for my purposes, I think it's actually a bug. The man
> page for PKCS12_parse() says that *ca can be a valid stack, in which
> case additional certificates are appended to *ca.
> 
> It _doesn't_ say "oh, but if parsing fails because the user fat-fingered
> the passphrase, we'll completely free your carefully pre-generated stack
> in *ca and set *ca to NULL"
> 
> Surely it shouldn't be freeing the _original_ contents of the stack
> which was passed in *ca? Those should be preserved. 

My test was against 1.0.0-beta4, from Fedora 12. It looks like this has
since been fixed.

> In older versions of OpenSSL (<1.0.0-beta2), the failure mode is
> actually "... we'll free your carefully pre-generated stack in *ca but
> for extra fun, we leave *ca pointing to the now-freed memory". Which is
> the bug that I tripped over.

We should either backport the whole fix to the 0.9.8 branch, or at the
very least do this:

--- crypto/pkcs12/p12_kiss.c    5 Nov 2008 18:36:46 -0000       1.20.2.1
+++ crypto/pkcs12/p12_kiss.c    9 May 2010 12:27:42 -0000
@@ -134,7 +134,10 @@ int PKCS12_parse(PKCS12 *p12, const char
 
        if (pkey && *pkey) EVP_PKEY_free(*pkey);
        if (cert && *cert) X509_free(*cert);
-       if (ca) sk_X509_pop_free(*ca, X509_free);
+       if (ca) {
+               sk_X509_pop_free(*ca, X509_free);
+               *ca = NULL;
+       }
        return 0;
 
 }
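Review bot: `*ca = NULL` closes the dangling-pointer hole for the stack, but the two lines just above the changed block still leave `*pkey` and `*cert` pointing at freed objects after `EVP_PKEY_free(*pkey)` and `X509_free(*cert)`; for the same reason they should be reset to NULL in this error path as well. Note too that this minimal variant still frees whatever the caller pre-loaded into `*ca`, which the quoted message above argues is itself wrong, so it only turns the use-after-free into a silent loss of the caller's certificates; the full backport that preserves the original stack contents remains the better fix.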


-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
