Subject: Segmentation fault in get_pem_pk
Date: Thu, 23 Mar 2017 21:43:03 +0100
To: bug-Crypt-OpenSSL-PKCS10 [...] rt.cpan.org
From: Christoph Biedl <debian.axhn [...] manchmal.in-ulm.de>
Hello,
while playing with Crypt::OpenSSL::PKCS10 I managed to trigger a
segmentation fault using the get_pem_pk method. I'm not sure
whether it's correct API usage, nevertheless the library should
rather die/croak then.
Reproducer:
------------------------------------------------------
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;
use Crypt::OpenSSL::PKCS10;
my $req = Crypt::OpenSSL::PKCS10->new_from_file ('server.csr');
print $req->get_pem_pk();
------------------------------------------------------
gdb backtrace:
#0 0x00007ffff68a7590 in PEM_write_bio_PrivateKey () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#1 0x00007ffff6bbde63 in XS_Crypt__OpenSSL__PKCS10_get_pem_pk (my_perl=<optimized out>, cv=<optimized out>) at PKCS10.xs:557
#2 0x00005555556280c0 in Perl_pp_entersub ()
#3 0x0000555555620606 in Perl_runops_standard ()
#4 0x00005555555a66c9 in perl_run ()
#5 0x000055555557f87d in main ()
The server.csr file was created using
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
This happened with a few other signing requests as well so I'm certain
this is not related to the signing request's content.
My system is current Debian stretch with
ii libcrypt-openssl-pkcs10-perl 0.16-2 (i.e. Crypt::OpenSSL::PKCS10 0.16)
ii libssl1.1:amd64 1.1.0e-1 (for libcrypto.so)
ii perl 5.24.1-2
Christoph