Gentoo's Bugzilla – Attachment 490532 Details for
Bug 628908
sys-auth/pam_pkcs11 multiple issues when checking CRL
[patch]
Patch to address CRL segfault issue
crl-openssl-api-bugs.patch (text/plain), 3.24 KB, created by
Gil Kloepfer
on 2017-08-25 12:49:11 UTC
Description:
Patch to address CRL segfault issue
Filename:
MIME Type:
Creator:
Gil Kloepfer
Created:
2017-08-25 12:49:11 UTC
Size:
3.24 KB
>--- src/common/cert_vfy.c.ORIG 2016-09-28 03:32:02.000000000 -0500
>+++ src/common/cert_vfy.c 2017-06-11 23:51:57.583272950 -0500
>@@ -143,21 +143,20 @@
> static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
> {
> int rv;
>- X509_OBJECT *obj = NULL;
>+ X509_OBJECT obj;
> EVP_PKEY *pkey = NULL;
> X509 *issuer_cert;
>
> /* get issuer certificate */
>- rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj);
>+ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), &obj);
> if (rv <= 0) {
> set_error("getting the certificate of the crl-issuer failed");
> return -1;
> }
> /* extract public key and verify signature */
>- issuer_cert = X509_OBJECT_get0_X509(obj);
>+ issuer_cert = X509_OBJECT_get0_X509((&obj));
> pkey = X509_get_pubkey(issuer_cert);
>- if (obj)
>- X509_OBJECT_free(obj);
>+ X509_OBJECT_free_contents(&obj);
> if (pkey == NULL) {
> set_error("getting the issuer's public key failed");
> return -1;
>@@ -203,13 +202,14 @@
> static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t policy)
> {
> int rv, i, j;
>- X509_OBJECT *obj = NULL;
>+ X509_OBJECT obj;
> X509_REVOKED *rev = NULL;
> STACK_OF(DIST_POINT) * dist_points;
> DIST_POINT *point;
> GENERAL_NAME *name;
> X509_CRL *crl;
> X509 *x509_ca = NULL;
>+ EVP_PKEY crl_pkey;
>
> DBG1("crl policy: %d", policy);
> if (policy == CRLP_NONE) {
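Review bot: Declaring `X509_OBJECT obj;` by value in verify_crl (and again in check_for_revocation in the next hunk) only builds against OpenSSL releases older than 1.1.0, where the struct layout is still public; from 1.1.0 on the type is opaque and `X509_OBJECT_free_contents` no longer exists. The accessor names used here (`X509_OBJECT_get0_X509`) are the 1.1.0 ones, so the file presumably carries compatibility macros that are not visible in this patch. The NULL pointer handed to the store lookup can be fixed without tying the code to the old struct by keeping the pointer and allocating it, `obj = X509_OBJECT_new(); if (obj == NULL) return -1;`, leaving the existing `X509_OBJECT_free(obj)` in place and guarding the allocation by OpenSSL version for older builds. verify_crl's body continues outside the hunk.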
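Review bot: The added `EVP_PKEY crl_pkey;` in check_for_revocation is not referenced by any line visible in this patch. As a by-value `EVP_PKEY` it is an uninitialised key structure that would be unsafe to pass to any OpenSSL call, and it stops compiling once the type is opaque. Unless code outside these hunks uses it, the declaration should be dropped. The function body continues outside the hunk.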
>@@ -227,28 +227,27 @@
> } else if (policy == CRLP_OFFLINE) {
> /* OFFLINE */
> DBG("looking for an dedicated local crl");
>- rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), obj);
>+ rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), &obj);
> if (rv <= 0) {
> set_error("no dedicated crl available");
> return -1;
> }
>- crl = X509_OBJECT_get0_X509_CRL(obj);
>- if (obj)
>- X509_OBJECT_free(obj);
>+ crl = X509_OBJECT_get0_X509_CRL((&obj));
>+ X509_OBJECT_free_contents(&obj);
> } else if (policy == CRLP_ONLINE) {
> /* ONLINE */
> DBG("extracting crl distribution points");
> dist_points = X509_get_ext_d2i(x509, NID_crl_distribution_points, NULL, NULL);
> if (dist_points == NULL) {
> /* if there is not crl distribution point in the certificate hava a look at the ca certificate */
>- rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_get_issuer_name(x509), obj);
>+ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_get_issuer_name(x509), &obj);
> if (rv <= 0) {
> set_error("no dedicated ca certificate available");
> return -1;
> }
>- x509_ca = X509_OBJECT_get0_X509(obj);
>+ x509_ca = X509_OBJECT_get0_X509((&obj));
> dist_points = X509_get_ext_d2i(x509_ca, NID_crl_distribution_points, NULL, NULL);
>- X509_OBJECT_free(obj);
>+ X509_OBJECT_free_contents(&obj);
> if (dist_points == NULL) {
> set_error("neither the user nor the ca certificate does contain a crl distribution point");
> return -1;
>@@ -296,10 +295,10 @@
> } else if (rv == 0) {
> return 0;
> }
>+ DBG("checking revocation");
> rv = X509_CRL_get0_by_cert(crl, &rev, x509);
> X509_CRL_free(crl);
>- X509_REVOKED_free(rev);
>- return (rv == -1);
>+ return (rv == 0);
> }
>
> static int add_hash( X509_LOOKUP *lookup, const char *dir) {
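Review bot: In the CRLP_OFFLINE branch, `X509_OBJECT_free_contents(&obj)` releases the lookup's reference immediately after `crl` is read from the object, so from that point `crl` is only borrowed from the store. The last hunk still ends with an unconditional `X509_CRL_free(crl)`. If the store lookup takes its own reference, as stock OpenSSL does, that final free drops a reference this function no longer owns, and the store can be left pointing at freed memory; in a PAM module that is a crash or memory-corruption risk on every offline revocation check. Keeping the lookup's reference until the final free, by not calling `X509_OBJECT_free_contents(&obj)` in this branch and freeing `crl` on the intervening error returns, would balance the counts. The code between this hunk and the last one is not visible, so this needs confirming against the full function.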
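Review bot: The new `return (rv == 0);` relies on the three-valued result of `X509_CRL_get0_by_cert` and on this function's own return convention (apparently 1 = acceptable, 0 = revoked, judging by the `return 0` just above), and neither is stated at the call. A comment such as `/* get0_by_cert: 0 = not listed, 1 = listed, 2 = listed with removeFromCRL; any listing is treated as revoked */` would make the fail-closed handling of the `2` case explicit for the next maintainer. Dropping `X509_REVOKED_free(rev)` is right because `rev` points into `crl`. `rev` is now never read, and it must not be used after `X509_CRL_free(crl)`.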
Attachments on
bug 628908
: 490532 |
490534
|
490536