Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 60392
Status: resolved
Worked: 10 min
Priority: 0/
Queue: Net-SSLeay
People
Owner: Nobody in particular
Requestors: SAMV [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.36
Fixed in: (no value)

History Show all quoted text
  Mon Aug 16 10:13:07 2010 SAMV [...] cpan.org - Ticket created
Subject: X509_NAME_get_text_by_NID - doesn't check success
Noticed this when trying to retrieve fields which do not exist on the certificate, eg with debugperl you get: panic: sv_setpvn called with negative strlen at ... Without debugperl you might just get a segfault. --- SSLeay.xs~ 2010-01-30 20:34:13.000000000 +0000 +++ SSLeay.xs 2010-08-16 15:11:24.944118967 +0100 @@ -1531,11 +1531,12 @@ CODE: ST(0) = sv_newmortal(); /* Undefined to start with */ length = X509_NAME_get_text_by_NID(name, nid, NULL, 0); - - New(0, buf, length+1, char); - if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)) - sv_setpvn( ST(0), buf, length); - Safefree(buf); + if (length>=0) { + New(0, buf, length+1, char); + if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0) + sv_setpvn( ST(0), buf, length); + Safefree(buf); + } X509 * X509_STORE_CTX_get_current_cert(x509_store_ctx)
  Mon Aug 16 16:59:05 2010 MIKEM [...] cpan.org - Correspondence added 10 min
Thanks for the patch. Now fixed in SVN
  Mon Aug 16 16:59:06 2010 The RT System itself - Status changed from 'new' to 'open'
  Mon Aug 16 16:59:06 2010 MIKEM [...] cpan.org - Status changed from 'open' to 'resolved'