httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: Thinkng something like this for mod_auth_svn
Date Mon, 01 Aug 2005 10:41:21 GMT
On Mon, Aug 01, 2005 at 02:32:50AM -0700, Dirk-Willem van Gulik wrote:
> Ok found the problem; turns out that if openssl does not have the
> extension hardcoded in its objects.c (from objects.txt in crypto/objects;
> compiled by a objects.pl perl scripts) then X509V3_EXT_print() does not do
> anything sensible with that string unless the flag
> X509V3_EXT_PARSE_UNKNOWN or X509V3_EXT_DUMP_UNKNOWN is passed. (And Martin
> his code does then sensibly ignore it).
>
> But once you pass either of these flags it then yields a string which is
> not proberly terminated - hence making it possible for a bad cert to
> segfault the server. Plus the format in any case not usable for any proper
> access control.

The fix for the lack of NUL-termination is to use apr_pstrmemdup, that 
part of ssl_ext_lookup() wasn't successfully copy'n'pasted though.

But if OpenSSL doesn't know a printable representation for the 
particular extension you care about then I'd guess the best fix is to 
add such support to OpenSSL not to try and fudge round it in mod_ssl?

joe

Mime
View raw message