httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47408] New: segfault potential in modssl ssl_log_cxerror
Date Tue, 23 Jun 2009 11:56:53 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47408

           Summary: segfault potential in modssl ssl_log_cxerror
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: peter.sylvester@edelweb.fr


The ssl_log_cxerror routine in ssl_engine_log.c may receive a NULL pointer
as a certificate (caused foir exemple by some recent change in openssl.
that reurn a NULL pointer to a call to X509_STORE_CTX_get_current_cert
in some new logic concerning policy checks. 

The routine could either simply return in case of a NULL parameter
or issue a static error message.

Alternatively the few callers could be fixed not to call the routine.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message