Hi,
Please find attached a patch that fixes a crash in the openssl/x509.c file when
XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT is set.
The error message is built from the 'subject' variable, but that variable
has already been freed at that point (a use-after-free), which leads to the crash.
Frank
Index: x509.c
===================================================================
--- x509.c (revision 38664)
+++ x509.c (working copy)
@@ -1084,7 +1245,6 @@
cert = xmlSecOpenSSLX509StoreFindCert(x509Store, subject, NULL, NULL,
NULL, keyInfoCtx);
if(cert == NULL){
- xmlFree(subject);
if((keyInfoCtx->flags &
XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1093,8 +1253,11 @@
XMLSEC_ERRORS_R_CERT_NOT_FOUND,
"subject=%s",
xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
return(-1);
}
+ xmlFree(subject);
+
return(0);
}
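Review bot: `subject` is now freed on two separate exit paths inside the `cert == NULL` branch, which leaves the code easy to break again if a later edit moves a free back above the `xmlSecError` call. A single release point is more robust: declare `int ret = 0;` before the flag test, set `ret = -1;` after the error report, and finish the branch with `xmlFree(subject); return(ret);`. Because `subject` is presumably taken from the document being processed, a short comment such as `/* subject is still read by xmlSecError above; free only after reporting */` would record why the order matters. The hunk at -1268 has the same shape for `issuerName` and `issuerSerial`, and the enclosing functions begin and end outside these hunks.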
@@ -1257,8 +1420,6 @@
cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, issuerName,
issuerSerial, NULL, keyInfoCtx);
if(cert == NULL){
- xmlFree(issuerSerial);
- xmlFree(issuerName);
if((keyInfoCtx->flags &
XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1268,8 +1429,12 @@
"issuerName=%s;issuerSerial=%s",
xmlSecErrorsSafeString(issuerName),
xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
return(-1);
}
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
return(0);
}