I couldn't agree more ("something's seriously wrong"), but I was getting
this segfault pretty regularly. I have high confidence it was caused by some
mal-coded consumer of openssl. I hope I never implied that this segfault was
the fault of openssl (necessarily).

That said, I also have high confidence that returning a failure code when
someone DOES pass in a NULL dest is considerably better than segfaulting. I
believe in defensive coding.

-- /v\atthew

On 3/23/06, Stephen Henson via RT wrote:
>
>
> [mdaniel@gmail.com - Tue Mar 21 12:26:12 2006]:
>
> >

>
> >My httpd-2.2.0 was getting segfaults due to the "dest" param being NULL,

> as
> seen below.
>
> >It would be some major pain and suffering for me to verify _why_ this

> event
> >was happening, but once the attached patch is applied, it no longer

> segfaults.
>
> There is something seriously wrong if "dest" is NULL at that point.
>
> In the function ssl_verify_cert_chain() that parameter is initialized by
> the call to X509_STORE_CTX_init(). If that initalization failed it
> should never reach that point.
>
> Steve.
>
>
>
>
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org