Mats Nilsson wrote:
> Hi
>
> [OpenSSL-0.9.7i, Windows XP, sp2]
>
> While hacking limited support for CMS compression on top of OpenSSL, I
> accidentally sent a BER encoded CMS file (using compression) into
> SMIME_read_PKCS7, which caused an access violation somewhere in: [Visual
> studio 6 stack dump]
>
> mime_param_cmp(const MIME_PARAM * const * 0x00439888, const MIME_PARAM *
> const * 0x004398e0) line 658 + 20 bytes
> MSVCRT! 77c36ff7()
> sk_find(stack_st * 0x004375e8, char * 0x0012f8ec) line 226 + 23 bytes
> SMIME_read_PKCS7(bio_st * 0x0040557c, bio_st * * 0x00437418) line 256 + 19
> bytes
>
> Apparently, it "found" some bizarre headers in the binary stream, but was
> unable to search for a content-type header.
>
> Also using the command line, I managed to induce a similar crash:
>
> openssl smime -verify -in bash.compressed
>
> where 'bash.compressed' is the BER encoded compressed test file (a
> compressed 'bash' binary in a CMS envelope). Available upon request.


could you send me the data as I was unable to reproduce this problem
with arbitrary data. Do you have the same problem with newer openssl
version ?

Cheers,
Nils
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org