
Possible bug in OpenSSL RAND_file_name

Hi all,

I think there is a possible bug in OpenSSL's RAND_file_name.

The problem is that if I clear the environment vars I get a SIGSEGV.
My test program was stunnel on an OpenBSD 2.8 Sparc machine.

# env - tcsh
# gdb stunnel
Program received signal SIGSEGV, Segmentation fault.
0x81accf8 in strlen ()
(gdb) bt
#0  0x81accf8 in strlen ()
#1  0x8080ea0 in RAND_file_name ()
#2  0x5c50 in initialize_prng ()
#3  0x5fc4 in context_init ()
#4  0x2c24 in main ()
(gdb) quit

The bug is in crypto/rand/randfile.c line 257
        if (s == NULL || *s == '\0')
          ret = RFILE;
-        if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+        else if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
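Review bot: the `else if` stops strlen() from being called on a NULL `s`, but the first branch still only does `ret = RFILE;` and does not return, so whatever follows the shown lines still runs with `s == NULL` (or `*s == '\0'`) and has to be checked as well; a `return RFILE;` in the first branch, or putting the remainder of the path construction inside the `else`, would close that off. The fragment also has no unified-diff header or context lines, so it cannot be applied with patch(1); the output of `diff -u` against crypto/rand/randfile.c would make it easier to review and apply.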

I think this should fix the problem.
I did not check if there are other similar problems.

:wq Claudio
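To show the failure mode in isolation, here is a small added example (not code from the post or from OpenSSL) that rebuilds the seed-file name the way the report describes, RANDFILE first, then HOME plus the default name, but with the NULL and length checks in place. The variables are passed in as parameters instead of being read with getenv() so that the `env -` case (both unset) can be exercised directly; `seed_file_name_env` wraps the real environment. RFILE is assumed to be ".rnd", the default OpenSSL uses in randfile.c, and returning NULL for a too-small buffer is a choice made here for clarity.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Default seed-file name; OpenSSL's randfile.c uses the same value. */
#define RFILE ".rnd"

/*
 * Build the seed-file path into buf.
 *   - randfile: value of $RANDFILE (may be NULL or empty)
 *   - home:     value of $HOME     (may be NULL or empty)
 * Returns buf on success, RFILE when no usable HOME exists (the case
 * that crashed in the report), and NULL when buf is too small.
 */
const char *seed_file_name(char *buf, size_t size,
                           const char *randfile, const char *home)
{
    if (buf == NULL || size == 0)
        return NULL;

    /* RANDFILE wins when set and non-empty, provided it fits with its NUL. */
    if (randfile != NULL && *randfile != '\0') {
        size_t len = strlen(randfile);
        if (len + 1 > size)
            return NULL;
        memcpy(buf, randfile, len + 1);
        return buf;
    }

    /* No HOME: fall back to the bare default name. The pointer is never
     * passed to strlen() here, which is exactly what went wrong upstream. */
    if (home == NULL || *home == '\0')
        return RFILE;

    /* home + "/" + RFILE + NUL must fit before anything is written. */
    if (strlen(home) + 1 + strlen(RFILE) + 1 > size)
        return NULL;

    snprintf(buf, size, "%s/%s", home, RFILE);
    return buf;
}

/* Same logic driven by the real environment, as the library does it. */
const char *seed_file_name_env(char *buf, size_t size)
{
    return seed_file_name(buf, size, getenv("RANDFILE"), getenv("HOME"));
}

int main(void)
{
    char buf[64];

    /* Constructed inputs: both variables unset, as after `env -`. */
    printf("no env:   %s\n", seed_file_name(buf, sizeof buf, NULL, NULL));
    /* Constructed HOME only. */
    printf("home:     %s\n", seed_file_name(buf, sizeof buf, NULL, "/home/claudio"));
    /* Constructed RANDFILE overrides HOME. */
    printf("randfile: %s\n", seed_file_name(buf, sizeof buf, "/var/seed", "/home/claudio"));
    return 0;
}
```

The first call is the crashing scenario: with HOME unset the function returns the default name without ever dereferencing the pointer, and the length check runs only on the branch where `home` is known to be valid.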
