
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 83795
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: rad [...] netcraft.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Segfault in P_X509_get_crl_distribution_points
Date: Wed, 06 Mar 2013 20:45:13 +0000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Robert Duncan <rad [...] netcraft.com>
Hi,

I've found a bug where running P_X509_get_crl_distribution_points on an X509 certificate with values in the CDP extension which do not have an ia5 string will cause a segmentation fault when accessed.

I've included a test case and a proposed patch which resolves the problem by only including GEN_URI strings.

Note that in the test case I have provided this returns 2 items (both of the URIs and not the DirName) rather than include all 3. I'm not necessarily convinced that this is the best option - I am open to a different approach.

--
Robert Duncan
Netcraft, 2 Belmont, Bath, UK
http://netcraft.com
Phone: +44 1225 580672 Fax: +44 1225 448600

Message body is not shown because sender requested not to inline it.
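
The type check described in the report above, as an added illustration that is not part of the ticket, the attached patch or Net::SSLeay: a GeneralName in the CDP extension is a CHOICE, and while the URI alternative ([6]) is an IA5String, directoryName ([4]) is a nested Name structure. The code walks a constructed DER sample and returns only the URI entries; `tlv`, `read_tlvs`, `crl_uris`, `dist_point` and the sample bytes are names and data made up for this example.

```python
# Added illustration (not Net::SSLeay code): return only the URI entries of a
# DER-encoded CRLDistributionPoints value and skip every other GeneralName.
GEN_DIRNAME, GEN_URI = 4, 6      # GeneralName CHOICE numbers (RFC 5280)
PATH = (0x30, 0x30, 0xA0, 0xA0)  # SEQUENCE OF, DistributionPoint, [0], fullName [0]

def tlv(tag, body=b""):
    """Encode one DER element; short-form lengths only (enough for the sample)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlvs(buf):
    """Yield (tag, value) pairs, refusing truncated or long-form elements."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] >= 0x80:
            raise ValueError("truncated header or unsupported length form")
        tag, end = buf[pos], pos + 2 + buf[pos + 1]
        if end > len(buf):
            raise ValueError("element overruns its container")
        yield tag, buf[pos + 2:end]
        pos = end

def crl_uris(der, depth=0, uris=None, skipped=None):
    """Return (uris, skipped CHOICE numbers) for a CRLDistributionPoints value."""
    uris = [] if uris is None else uris
    skipped = [] if skipped is None else skipped
    for tag, value in read_tlvs(der):
        if depth < len(PATH):
            if tag == PATH[depth]:        # descend only along the expected path
                crl_uris(value, depth + 1, uris, skipped)
        elif tag == 0x80 | GEN_URI:       # [6] IMPLICIT IA5String: read as text
            uris.append(value.decode("ascii"))
        else:                             # e.g. 0xA4 directoryName: not a string
            skipped.append(tag & 0x1F)
    return uris, skipped

# Constructed sample: two distribution points with two URIs and one DirName.
DIRNAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CRL"))))

def dist_point(*names):
    return tlv(0x30, tlv(0xA0, tlv(0xA0, b"".join(names))))

SAMPLE = tlv(0x30,
             dist_point(tlv(0x86, b"http://crl.example/a.crl"), tlv(0xA4, DIRNAME))
             + dist_point(tlv(0x86, b"http://crl.example/b.crl")))

if __name__ == "__main__":
    print(crl_uris(SAMPLE))
```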

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 08:47:26 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hello Robert,

thanks for your patch.
When I test your patched code here, I get:
...
# Testing Net::SSLeay 1.52, Perl 5.016000, /usr/bin/perl
# OpenSSL version: 'OpenSSL 1.0.1e 11 Feb 2013'
# OpenSSL platform: 'platform: linux-elf'
...

t/local/32_x509_get_cert_info.t ........ 1/1247
# Failed test 'serial ASN1_INTEGER_get testcert_cdp.crt.pem'
# at t/local/32_x509_get_cert_info.t line 134.
# got: '-1'
# expected: '-8348367543329812679'

# Failed test 'EVP_PKEY_id'
# at t/local/32_x509_get_cert_info.t line 226.
# got: '6'
# expected: undef
# Looks like you failed 2 tests of 1247.

What platform(s) did you test your patch on?

Cheers.

On Wednesday, March 06, 2013 03:45:35 PM you wrote:
--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 09:54:42 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi again,

actually this was due to some differences between 32 and 64 bit behaviour in Net::SSLeay::ASN1_INTEGER_get. This test is now deleted.

Cheers.

On Thursday, March 07, 2013 08:47:26 AM you wrote:

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 09:55:32 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Thanks, your patch is now in SVN 368.

Cheers.

On Thursday, March 07, 2013 09:54:42 AM Mike McCauley wrote:

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 7 Mar 2013 08:10:14 +0000
To: "bug-Net-SSLeay [...] rt.cpan.org" <bug-Net-SSLeay [...] rt.cpan.org>
From: Robert Duncan <rad [...] netcraft.com>
Patch was tested on 64-bit RHEL5. (OpenSSL 0.9.8). EVP_PKEY_id is not available in this version of openssl, so that may explain the lack of the property in the dump.

I note that you have included the changes to t/local/32_x509_get_cert_info.t but not included the pen/pem_dump in SVN. Presumably adding EVP_PKEY_id => 6 would be sufficient for it to pass?

Thanks,

On 06/03/2013 23:55, "mikem@open.com.au via RT" <bug-Net-SSLeay@rt.cpan.org> wrote:

Subject: Re: [rt.cpan.org #83795] Segfault in P_X509_get_crl_distribution_points
Date: Thu, 07 Mar 2013 18:38:17 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi Robert,

On Thursday, March 07, 2013 03:10:30 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=83795 >
>
> Patch was tested on 64-bit RHEL5. (OpenSSL 0.9.8). EVP_PKEY_id is not
> available in this version of openssl, so that may explain the lack of the
> property in the dump.
>
> I note that you have included the changes to
> t/local/32_x509_get_cert_info.t but not included the pen/pem_dump in SVN.
> Presumably adding EVP_PKEY_id => 6 would be sufficient for it to pass?

Oops I left your new files out of svn. Added.
You may notice that I have regenerated the dump file locally and the id is now there.

Cheers.

From: dsteinbrunner [...] pobox.com
On Thu Mar 07 03:38:39 2013, mikem@open.com.au wrote:
> Oops I left your new files out of svn. Added.
> You may notice that I have regenerated the dump file locally and the
> id is now there.

Should this ticket be closed?
Yes. Closed.