
Bug#513539: wvstreams: Does not properly check return type of X509_REQ_verify()



Package: wvstreams
Severity: serious
Tags: security

Hi,

I was looking at return codes for applications making use of
openssl functions and found this in crypto/wvx509.cc:
    int verify_result = X509_REQ_verify(certreq, pk);
    if (verify_result == 0)
    {
        debug(WvLog::Warning, "Self signed request failed");
        X509_REQ_free(certreq);
        EVP_PKEY_free(pk);
        return WvString::null;
    }
    else
    {
        debug("Self Signed Certificate Request verifies OK!\n");
    }

X509_REQ_verify() is a function that returns the value of
ASN1_item_verify() which can return -1 in case the message
digest type is not known or there is an out of memory condition.

I have no idea how this is used exactly or what the
consequences of this are.

If the attacker cannot specify the certificate that is being
used there probably isn't any serious problem.


Kurt
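An added example, not from the bug report or from wvstreams: C code that uses a constructed stand-in for X509_REQ_verify() (the real function takes an X509_REQ and an EVP_PKEY and needs OpenSSL; the enum and the fake_ function here are assumptions so the block runs stand-alone) to show the check quoted above next to a form that treats the -1 error return as a failure.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for X509_REQ_verify(): OpenSSL returns 1 when the
 * signature checks out, 0 when it does not match the key, and -1 on an
 * internal error such as an unrecognised digest or out-of-memory. The real
 * function takes (X509_REQ *, EVP_PKEY *); an enum selects the outcome here. */
enum fake_req { REQ_GOOD_SIG, REQ_BAD_SIG, REQ_UNKNOWN_DIGEST };

static int fake_X509_REQ_verify(enum fake_req req)
{
    switch (req) {
    case REQ_GOOD_SIG:       return 1;
    case REQ_BAD_SIG:        return 0;
    case REQ_UNKNOWN_DIGEST: return -1;  /* ASN1_item_verify() error path */
    }
    return -1;
}

/* The check as quoted from wvx509.cc: only a literal 0 counts as failure,
 * so the -1 error return lands in the "verifies OK" branch. */
int accepts_request_buggy(enum fake_req req)
{
    int verify_result = fake_X509_REQ_verify(req);
    if (verify_result == 0)
        return 0;                        /* "Self signed request failed" */
    return 1;                            /* anything else is trusted */
}

/* Hardened form: accept only the documented success value 1; 0 and -1 both fail. */
int accepts_request_fixed(enum fake_req req)
{
    return fake_X509_REQ_verify(req) == 1;
}

/* Maps a verify return code to the reason a log line should carry. */
const char *verify_reason(int rc)
{
    if (rc == 1) return "signature verified";
    if (rc == 0) return "signature mismatch";
    return "verification error (see ERR_get_error())";
}

int main(void)
{
    printf("unknown digest: buggy check accepts=%d, fixed check accepts=%d\n",
           accepts_request_buggy(REQ_UNKNOWN_DIGEST),
           accepts_request_fixed(REQ_UNKNOWN_DIGEST));
    return 0;
}
```

With the real OpenSSL call the same fix applies: compare the result against 1, and on -1 drain the error queue with ERR_get_error() before logging.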