Hi OpenSSL Development Team,

I may find one bug for OpenSSL 0.9.8h.My box is HP-UX 11.31 IA.

The detail steps to reproduce the issue are as following.

Step1 Download OpenSSL 0.9.8h from official

Step2 ./configure threads zlib shared no-rc5 no-idea no-krb5
make

Step3 Try to use pkcs12
openssl req -x509 -out demoCA/cacert.pem -new -keyout demoCA/private/cakey.pem -subj /C=US/ST=California/L=Cupertino/O=Senas/CN=ca -nodes
openssl req -out ksb_cert_req.pem -new -keyout ksb_priv_key.pem -nodes -subj /C=US/ST=California/L=Cupertino/O=Senas/CN=${req_name}
openssl x509 -req -passin passass -in ksb_cert_req.pem -CA ca_cert.pem -CAkey ca_priv_key.pem -CAcreateserial -out ksb_cert.pem -days 365
openssl pkcs12 -export -passout passass -in ksb_cert.pem -inkey ksb_priv_key.pem -out ksb_cert.p12 -name "ksb certificate"

The "pkcs12" failed. (bus error, core dump)

I look into the source code and find some clues for this issue.

In crypto/x509/x509_att.c, around line 285,

int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
{
ASN1_TYPE *ttmp;
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr) return 0;
if(attrtype & MBSTRING_FLAG) {
stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
OBJ_obj2nid(attr->object));
if(!stmp) {
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
return 0;
}
atype = stmp->type;
} else if (len != -1){
if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
if(!ASN1_STRING_set(stmp, data, len)) goto err;
atype = attrtype;
}
if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
if(!(ttmp = ASN1_TYPE_new())) goto err;
if (len == -1)
{
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
}
else
ASN1_TYPE_set(ttmp, atype, stmp);
if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
attr->single = 0;
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}

For the "len == -1" branch, "ASN1_TYPE_set1(ttmp, attrtype, data)" is wrong. Maybe it should be "ASN1_TYPE_set1(ttmp, attrtype, stmp)".
After this modification, the pkcs12 function works fine.

Could you investigate this issue?
Thank you!

Bo
__________________________________________________ _______________
MSN *文网,最新时尚生活资讯,白领聚 门户。
http://cn.msn.com

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org