This is a discussion on Re: Crash inside SMIME_read_PKCS7 if input is not MIME - Openssl ; Mats Nilsson wrote: > Hi > > [OpenSSL-0.9.7i, Windows XP, sp2] > > While hacking limited support for CMS compression on top of OpenSSL, I > accidentally sent a BER encoded CMS file (using compression) into > SMIME_read_PKCS7, which caused ...
Mats Nilsson wrote:
> [OpenSSL-0.9.7i, Windows XP, sp2]
> While hacking limited support for CMS compression on top of OpenSSL, I
> accidentally sent a BER encoded CMS file (using compression) into
> SMIME_read_PKCS7, which caused an access violation somewhere in: [Visual
> studio 6 stack dump]
> mime_param_cmp(const MIME_PARAM * const * 0x00439888, const MIME_PARAM *
> const * 0x004398e0) line 658 + 20 bytes
> MSVCRT! 77c36ff7()
> sk_find(stack_st * 0x004375e8, char * 0x0012f8ec) line 226 + 23 bytes
> SMIME_read_PKCS7(bio_st * 0x0040557c, bio_st * * 0x00437418) line 256 + 19
> Apparently, it "found" some bizarre headers in the binary stream, but was
> unable to search for a content-type header.
> Also using the command line, I managed to induce a similar crash:
> openssl smime -verify -in bash.compressed
> where 'bash.compressed' is the BER encoded compressed test file (a
> compressed 'bash' binary in a CMS envelope). Available upon request.
could you send me the data as I was unable to reproduce this problem
with arbitrary data. Do you have the same problem with newer openssl
OpenSSL Project http://www.openssl.org
Development Mailing List email@example.com
Automated List Manager firstname.lastname@example.org