[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#513539: wvstreams: Does not properly check return type of X509_REQ_verify()

Package: wvstreams
Severity: serious
Tags: security


I was looking at return codes for applications making use of
openssl functions and found this in crypto/wvx509.cc:
    int verify_result = X509_REQ_verify(certreq, pk);
    if (verify_result == 0)
        debug(WvLog::Warning, "Self signed request failed");
        return WvString::null;
        debug("Self Signed Certificate Request verifies OK!\n");

X509_REQ_verify() is a function that returns the value of
ASN1_item_verify() which can return -1 in case the message
digest type is not known or there is an out of memory condition.

I have no idea what how this is used exactly or what the
consequences of this are.

If the attacker can not specify the certificate that is being
used there probably isn't any serious problem.


Reply to: