[Pkg-openssl-devel] Bug#506111: openssl command line tool crashes if IPv6 addressis given as subjectAltName
Tobias Ginzler
ginzler at fgan.de
Tue Nov 18 13:29:40 UTC 2008
Package: openssl
Version: 0.9.8g-14
Severity: normal
The openssl command line tool sometimes segfaults when a IPv6 address is
given as SubjectAltName in an X.509_v3 extension.
Steps to reproduce:
copy the attached files into the same directory and issue
openssl req -config ssl.conf -new -key privkey.pem -out newreq.pem
valgrind:
==19593== Process terminating with default action of signal 11 (SIGSEGV)
==19593== Access not within mapped region at address 0x491BD0C
==19593== at 0x4024A30: memcpy (mc_replace_strmem.c:402)
==19593== by 0x415FFBA: ASN1_STRING_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==19593== by 0x414955A: ASN1_OCTET_STRING_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==19593== by 0x4177A05: a2i_IPADDRESS (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==19593== by 0x4178887: v2i_GENERAL_NAME_ex (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==19593== by 0x4178B7A: v2i_GENERAL_NAME (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
-- System Information:
Debian Release: lenny/sid
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.25-2-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssl depends on:
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8g-14 SSL shared libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
openssl recommends no packages.
-- no debconf information
-------------- next part --------------
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuWOV1YaPCfjSxRIg6nJGfI9NZWEu6YJXzXqa+05+4UH8vbD+
Zcz6RjjQ+QnV4xXYNr7kSoBqCBnIby9Ntd6kcUV7gwF3t8W9vyAkMI2W3W+hEyHn
b9VYnAHVCq7BTQNn74opvuxzvt6pjvE0OKh949tlQt/I5+tqCicc0N5TtXBH0G3L
TBgMtBiEcdSFEBiclkhZZk19/EAeGVthYwy3sX8oB5CXDJPXd8DyUCmcSlFuJieh
ei4mdJvr/oFnPDAQR51Dw5eqENjsmt4xs0jfWd5mciOtjFb0BZ6AEtY2pzTHT1Zg
2DnZUz4XI40TTBA0nWmIR8zYfHlJ7e4YKahQ7wIDAQABAoIBAEhcImORfcs6n6nk
BYz8xZ5goKjtYc4q3fKJ5Gwqm0N46hlwOBusAhPeoVJTEHTuVdIoeBrMPJak2aLs
J7zRBgZgRHFB5WSJfiJXfUimOzh7FbfOB/OSpl9eJ7VfuHtC1RKeLuUijZr2deAh
LWzf9yM0wzVy+4vqSx1jXs/3t1ydqJKiiU0eAWJsNfEZO/XjF3NQJ13+d4w3sSE/
payI/s6gB7lR42OVDB7Pw5hE1WVAx/DqGITEv56k2GOyWlknVpUD1b00OSDDR4yo
NnECIX55w7qmfL+icP4HOqgKl16ezRqZqKLM/jaxxgGKp4Ffvj+Ql6udynz1rKe3
0WAkeoECgYEA3dNQVP8fEZkwjSPsk6KwKe/NaHWbli8m7ll6KbdcBo8A+pCLoMKe
PuvOSJNnEO+PcA0iJGBabjpD2/9BJvBGDunesjTRtsXzfZaSWQPJlo+MEM8ipa2F
P0Sn+adnylUwJr1gd9Y4wqpBpkz7yfc/1q23e3wktT8gepPOChMekxECgYEA1fM8
fKtLD1tM69efMhYweILGu8wWh1bGBzA9YVdlzMzWbEzuLVty21H72J0XRh6b6S83
6erRUFpTBzmMkgFb5Z74oFvftQi4b3Uv1WQIU417Q7LVkBNZKmamdKcvf/avXQX7
zWvzYz45CoZrFg0LnfQHzfv//Di9325Blx2Qo/8CgYEA01G4qJA2J8y47Ow5Ntf4
XKsfEpFfe+5FdzD0aQNNfs4Cz7Cd47Mjj6uSY59Qw1iEW+mXCfJkk7eb59u+VHr3
MsPnK/uXgTgI4y5rErPB+lWbyHObfRvV4VTldLbe8GjBK1ajrOX+QqxxSBz0jQ2m
2ju5nMDCM4wEw+FEmmJmcRECgYBgP9PHVhwnZXB+bPtOQhM+M78J/y9nZU8jLr1+
TB4c+02/XQCNYSWTqxc8hLdSsTR8u+RQlHXjyy6tAmPNz1SzQUgihBJo0+p9IeAK
BL2GMRDyDMLs1Pd5DsL1mbzRuX18wNNdv6G31Oc+Z+hG/ElsnrrgHO01X6VznZte
S0ulqwKBgAaz5nlPeJkHHcbSzNW28s0VfTujFf5aFeS/8yfp3V64N2ooswTQkr6y
ZCwonGSsY4RhF1EoaK+UUhJI8kVnu62XXm5eKXFZUG2q/VM7ULLS4Bqsm3hPrhPH
H8D3MNEEIIs7R0m7Xtnw9Pm+WAcf5G4sc0YpvakHVCZNsiMLvd4A
-----END RSA PRIVATE KEY-----
-------------- next part --------------
RANDFILE =$ENV::HOME/.rnd
[policy_match]
organizationName = match
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
countryName = US
countryName_value = US
countryName_default = US
commonName = Common Name (eg, YOUR name)
commonName_value = commonName
organizationName = Organisation
organizationName_value= org
[v3_ca]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, keyAgreement
subjectAltName = IP:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA
More information about the Pkg-openssl-devel
mailing list