Possible bug in OpenSSL RAND_file_name
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Possible bug in OpenSSL RAND_file_name
- From: Claudio Jeker <cjeker_(_at_)_ee_(_dot_)_ethz_(_dot_)_ch>
- Date: Fri, 22 Dec 2000 15:34:46 +0100
- Mail-followup-to: Claudio Jeker <cjeker_(_at_)_ee_(_dot_)_ethz_(_dot_)_ch>, misc_(_at_)_openbsd_(_dot_)_org
Hi all,
I think there is a possible bug in OpenSSL's RAND_file_name.
The problem is that if I clear the environment vars I get a SIGSEGV.
My test program was stunnel on an OpenBSD 2.8 Sparc machine.
# env - tcsh
# gdb stunnel
...
Program received signal SIGSEGV, Segmentation fault.
0x81accf8 in strlen ()
(gdb) bt
#0 0x81accf8 in strlen ()
#1 0x8080ea0 in RAND_file_name ()
#2 0x5c50 in initialize_prng ()
#3 0x5fc4 in context_init ()
#4 0x2c24 in main ()
(gdb) quit
The bug is in crypto/rand/randfile.c line 257
if (s == NULL || *s == '\0')
ret = RFILE;
- if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+ else if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
ret=RFILE;
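Review bot: the else-if does stop strlen() being called on a NULL s, but both branches assign the same value, so a single condition that relies on short-circuit evaluation says the same thing without the duplicated assignment: `if (s == NULL || *s == '\0' || (int)(strlen(s)+strlen(RFILE)+2) > size) ret = RFILE;`. The hunk also has no file or line header (the location lives only in the prose "line 257") and mixes `ret = RFILE` with `ret=RFILE`; both are worth tidying before this goes upstream.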
I think this should fix the problem.
I did not check if there are other similar problems.
--
:wq Claudio
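The following is an added example, not OpenSSL's code and not part of the report: it models the $HOME fallback of RAND_file_name with the else-if ordering proposed above, so that a missing HOME (as produced by `env -`) falls back to the default file instead of reaching strlen(NULL). RFILE is taken as ".rnd" (its value in randfile.c) and the `home` parameter stands in for the result of getenv("HOME").

```c
/* Added example (not OpenSSL's code): model of RAND_file_name's $HOME
 * fallback with the NULL/empty check ordered before the length check. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RFILE ".rnd"   /* default seed-file name, as in OpenSSL's randfile.c */

/* Write "<home>/.rnd" into buf and return buf, or return RFILE when home
 * is unusable. home stands in for getenv("HOME") and may be NULL, which
 * is exactly what `env -` produces; strlen() must never see that NULL. */
const char *rand_file_name_fixed(char *buf, size_t size, const char *home)
{
    if (home == NULL || *home == '\0')
        return RFILE;                 /* no HOME at all: use the default */
    /* +2 accounts for the '/' separator and the terminating NUL */
    if (strlen(home) + strlen(RFILE) + 2 > size)
        return RFILE;                 /* path would not fit in buf */
    snprintf(buf, size, "%s/%s", home, RFILE);
    return buf;
}

/* Stand-alone demo: run normally and under `env -` to see both outcomes. */
int main(void)
{
    char buf[256];
    const char *name = rand_file_name_fixed(buf, sizeof buf, getenv("HOME"));
    printf("seed file: %s\n", name);
    return 0;
}
```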