Heyman, Michael | 20 Sep 2007 16:51

Bug in sigattr.c

Using the openscep 0.4.2 port on FreeBSD, scepd cored regularly when
called via the pkiclient.exe perl script. I tracked the problem down to
a debug print line in lib/sigattr.c - the printf was expecting a missing
parameter (I also found "go" instead of "got" in the same printf).

-Michael Heyman

--- sigattr.c.old	Thu Sep 20 10:09:19 2007
+++ sigattr.c	Thu Sep 20 10:09:30 2007
 <at>  <at>  -96,12 +96,12  <at>  <at> 
 	/* get the attribute as an ASN1_OCTET_STRING
*/
 	asn1 = sigattr_asn1_octet(scep, attrname);
 	if (asn1 == NULL)
 		return NULL;
 	if (debug)
-		BIO_printf(bio_err, "%s:%d: go an asn1 string for %s\n",
-			__FILE__, __LINE__);
+		BIO_printf(bio_err, "%s:%d: got an asn1 string for
%s\n",
+			__FILE__, __LINE__, attrname);
 	
 	/* unpack the ASN1_STRING into a C-String (0-terminated)
*/
 	*len = ASN1_STRING_length(asn1);
 	data = (unsigned char *)malloc(*len);
 	memcpy(data, ASN1_STRING_data(asn1), *len);
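
Review bot: the added BIO_printf line is split by the mailer inside the string literal (`"%s:%d: got an asn1 string for` on one line, `%s\n",` on the next), and two context comments are wrapped the same way, so this hunk will not apply as posted; resend it unwrapped or as an attachment. The fix itself is right: the format has three conversions and the old call passed only `__FILE__, __LINE__`, so `%s` consumed a variadic argument that was never supplied whenever debug was on. In the trailing context, `data = (unsigned char *)malloc(*len);` is handed to `memcpy` with no NULL check, and the lines shown allocate exactly `*len` bytes although the comment promises a 0-terminated string; check that the code after this hunk does not write the terminator at `data[*len]`.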

Heyman, Michael | 24 Sep 2007 20:44

Bug in scepd

The scepd program was regularly core dumping when no unstructuredName
existed in a request. The bug appears to be due to an uninitialized
variable in scepldap.c:x509_to_ldap() (patch below).

-Michael Heyman

--- scepldap.c.old	Mon Sep 24 14:33:41 2007
+++ scepldap.c	Mon Sep 24 14:32:58 2007
 <at>  <at>  -27,11 +27,11  <at>  <at> 
  *   and concatenated to give a distinguished name
  */
 char	*x509_to_ldap(scep_t *scep, X509_NAME *name) {
 	char		*dn = NULL;
 	int		ncomponents, dl = 0, nl, i, dnl;
-	X509_NAME_ENTRY	*ne;
+	X509_NAME_ENTRY	*ne = 0;
 	char		oname[1024];
 	const char	*sn;
 	ASN1_OBJECT	*us;
 	ASN1_STRING	*as;
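
Review bot: at `X509_NAME_ENTRY *ne = 0;`, initialising the pointer removes the read of an indeterminate value, but if the code below this hunk still dereferences `ne` when the request carries no unstructuredName, the crash only turns into a deterministic NULL dereference. The use of `ne` is outside the lines shown, so the patch should include, or the message should confirm, a `ne != NULL` check at that point. Prefer `NULL` over `0` to match `char *dn = NULL;` two lines up.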

Heyman, Michael | 24 Sep 2007 21:11

Another bug in x509_to_ldap

The x509_to_ldap function would truncate a "normal" name when building
it from ASN.1. A patch that fixes the behavior is below.

-Michael Heyman

--- scepldap.c.old	Mon Sep 24 15:03:07 2007
+++ scepldap.c	Mon Sep 24 15:01:05 2007
 <at>  <at>  -86,19 +86,16  <at>  <at> 
 	for (i = X509_NAME_entry_count(name) - 1; i >= 0; i--) {
 		us =
X509_NAME_ENTRY_get_object(X509_NAME_get_entry(name, i));
 		as = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,
i));
 		sn = OBJ_nid2sn(OBJ_obj2nid(us));
 		nl = strlen(sn) + as->length + 1;
-		if (dl == 0) { nl += 2; }
-		dn = (char *)realloc(dn, dl + nl + 2);
-		snprintf(dn + dl, nl + 2, "%s%s=%*.*s",
-			(dl == 0) ? "" : ",", us->sn, as->length,
as->length,
+        if (dl) { ++nl; }
+        dn = (char *)realloc(dn, dl + nl + 1);
+        snprintf(dn + dl, nl + 1, "%s%s=%*.*s",
+                (dl) ? "," : "", sn, as->length, as->length,
 			as->data);
-		if (dl == 0)
-			dl = nl;
-		else
-			dl += nl + 1;
+        dl += nl;
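
Review bot: at `dn = (char *)realloc(dn, dl + nl + 1);` the result is stored straight back into `dn` and then used by `snprintf(dn + dl, ...)` with no NULL check, so an allocation failure both leaks the old buffer and writes through an invalid pointer; assign to a temporary and return on failure. The new length accounting is consistent (`nl` covers the short name, '=', the value and the optional comma, and the extra byte is the terminator), and using the already computed `sn` instead of `us->sn` is an improvement. Two smaller points: the added lines are indented with spaces where the surrounding code uses tabs, and `%*.*s` copies `as->data` verbatim, so a value containing ',' or '=' lands unescaped in the LDAP DN; escape or reject such values before concatenating. The hunk is cut off after `dl += nl;`, so the remaining lines could not be reviewed.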