The add_cert_dir() function in openssl/crypto/x509/by_dir.c is broken.
There is a loop to detect duplicate entries, but its results are ignored,
and it will also go out of bounds on some malformed parameters.

See also https://bugzilla.redhat.com/bugzilla....cgi?id=206346

Patches against 0.9.8 and CVS attached.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
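As an added illustration (not part of the original message, and not OpenSSL's code or the attached patch), the following sketch shows a separator-delimited directory list parser that acts on the result of its duplicate check and stays in bounds on malformed input. The names `dir_list`, `dir_known`, `add_dirs` and `MAX_DIRS` are hypothetical, and treating "malformed" as empty strings, empty segments and a NUL separator is an assumption.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_DIRS 16            /* assumed fixed capacity for this sketch */

struct dir_list {              /* hypothetical stand-in for the lookup context */
    char *dirs[MAX_DIRS];
    size_t num;
};

/* Returns 1 if the segment [s, s+len) is already stored. Length is compared
 * as well as bytes, so "/etc/ssl" does not match "/etc/ssl/certs". */
static int dir_known(const struct dir_list *dl, const char *s, size_t len)
{
    for (size_t j = 0; j < dl->num; j++)
        if (strlen(dl->dirs[j]) == len && memcmp(dl->dirs[j], s, len) == 0)
            return 1;
    return 0;
}

/* Adds each new directory from a sep-delimited list. Returns the number
 * added, or -1 on bad arguments, a full list or allocation failure. */
int add_dirs(struct dir_list *dl, const char *spec, char sep)
{
    int added = 0;
    if (dl == NULL || spec == NULL || *spec == '\0' || sep == '\0')
        return -1;
    for (const char *s = spec; ; ) {
        const char *e = strchr(s, sep);
        size_t len = e ? (size_t)(e - s) : strlen(s);
        /* Empty segments ("a::b", leading or trailing sep) are skipped,
         * and the duplicate check's result decides whether to store. */
        if (len > 0 && !dir_known(dl, s, len)) {
            if (dl->num >= MAX_DIRS)
                return -1;             /* never write past dirs[] */
            char *copy = malloc(len + 1);
            if (copy == NULL)
                return -1;
            memcpy(copy, s, len);
            copy[len] = '\0';
            dl->dirs[dl->num++] = copy;
            added++;
        }
        if (e == NULL)
            break;                     /* last segment handled */
        s = e + 1;
    }
    return added;
}
```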