Hi,
I am using Openssl_0.9.7d with Apache 2 mod-ssl on Windows. Windows
crashed in the call to i2d_X509(). The following is the code snippet in
the authentication plugin for Apache 2:
    X509 *xs = NULL;
    unsigned char *bytes, *p;
    ..
    ..
    ..
    xs = sslconn->client_cert;
    if (xs)
    {
        // Debugging shows the structure of xs is fine.
        len = i2d_X509(xs, NULL);
        // The value of len comes out to be around 5MB (figure is around 5xxxxxx).
        if ((bytes = (unsigned char *)malloc(len)) != NULL)
        {
            p = bytes;
            // Debugging shows the structure of xs is fine till this point.
            i2d_X509(xs, &p); // Windows crashed at this call.
        }
        ..
        ..
        ..
    }
While debugging we found that the statement len=i2d_X509(xs, NULL);
returned a value of len of around 5MB. Then the second call,
i2d_X509(xs, &p);, crashed Windows.
On the site http://www.openssl.org/news/, the OpenSSL Security Advisory [4
November 2003] for "Denial of Service in ASN.1 parsing" mentions an
OpenSSL error in parsing.
The Recommendations section says to use 0.9.7c. I tried this but
Windows still crashed.
The site mentions "Patches for this issue have been created by Dr
Stephen Henson (steve@openssl.org) of the OpenSSL core team.". How can
I get this patch?
Can anyone please help me in this regard?
thanks and regards,
Sharad.
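
A defensive form of the two-call i2d pattern from the post, as an added example that is not part of the original message: it rejects a non-positive or implausibly large length from the sizing call and checks that the encoding call wrote exactly that many bytes. The names i2d_fn, MAX_DER_LEN, encode_checked and the stub encoders are assumptions; the stubs stand in for i2d_X509 so the block runs without OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: i2d-style encoder; i2d_X509 has this shape with an X509 * object. */
typedef int (*i2d_fn)(void *obj, unsigned char **out);
#define MAX_DER_LEN (64 * 1024) /* assumed cap; size it for your deployment */

/* Returns a malloc'd DER buffer and sets *out_len, or NULL on any inconsistency. */
unsigned char *encode_checked(i2d_fn i2d, void *obj, int *out_len)
{
    unsigned char *buf, *p;
    int len;
    *out_len = 0;
    len = obj ? i2d(obj, NULL) : -1;    /* sizing call; NULL object is an error */
    if (len <= 0 || len > MAX_DER_LEN)  /* error code or implausible size */
        return NULL;
    if ((buf = malloc((size_t)len)) == NULL)
        return NULL;
    p = buf;                            /* i2d advances p; buf keeps the start */
    if (i2d(obj, &p) != len || p != buf + len) { /* must write exactly len bytes */
        free(buf);
        return NULL;
    }
    *out_len = len;
    return buf;
}

/* Constructed stand-ins for i2d_X509 so the block runs without OpenSSL. */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
int stub_ok(void *obj, unsigned char **out)
{
    (void)obj;
    if (out != NULL) {
        memcpy(*out, sample_der, sizeof sample_der);
        *out += sizeof sample_der;
    }
    return (int)sizeof sample_der;
}
int stub_huge(void *obj, unsigned char **out) { (void)obj; (void)out; return 5000000; }
int stub_error(void *obj, unsigned char **out) { (void)obj; (void)out; return -1; }

int main(void)
{
    int n = 0, dummy = 0;
    unsigned char *der = encode_checked(stub_ok, &dummy, &n);
    printf("encoded %d bytes\n", n);
    free(der);
    return 0;
}
```

With OpenSSL, the call would be encode_checked((i2d_fn)i2d_X509, xs, &len), with the cap chosen well above the largest certificate the server expects.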