coding error in x509_vpm.c - param_cmp
Curtis Villamizar
curtis at ipv6.occnc.com
Mon Sep 21 19:16:59 UTC 2015
Hi there openssl experts,
It appears as though callers expect param_cmp to return 1 on success
and zero otherwise. strcmp returns zero if the two strings match.
See patch below in between the lines with 60 "-" characters.
------------------------------------------------------------
--- crypto/x509/x509_vpm.c.orig 2015-07-09 07:57:15.000000000 -0400
+++ crypto/x509/x509_vpm.c 2015-09-21 14:58:52.191117000 -0400
@@ -591,7 +591,7 @@
static int param_cmp(const X509_VERIFY_PARAM *const *a,
const X509_VERIFY_PARAM *const *b)
{
- return strcmp((*a)->name, (*b)->name);
+ return (0 == strcmp((*a)->name, (*b)->name));
}
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
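Review bot: the `+ return (0 == strcmp((*a)->name, (*b)->name));` line turns param_cmp into an equality test, but its signature (two `const X509_VERIFY_PARAM *const *` arguments, an int result, a `_cmp` name) is the shape of a STACK_OF comparison callback, which has to return negative, zero or positive the way strcmp does. Please check where param_cmp is registered before changing its convention: if it is installed as the comparison function of the stack that X509_VERIFY_PARAM_add0_table fills, a 0/1 result reports every matching name as "different" and every non-matching pair as "equal", so lookups by name in that table would return the wrong entry or none. The message also does not name the caller that expects 1 on success; cite it, and if one really tests the result as a boolean, fix that call site or add a separate equality helper and leave the `- return strcmp((*a)->name, (*b)->name);` line as it is.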
------------------------------------------------------------
Hi there FreeBSDers,
I've added this locally as files/patch-crypto_x509_x509_vpm.c in
/usr/ports/security/openssl. Please pick this up as a patch file in
the security/openssl port until fixed in openssl.
btw- I cc'd freebsd-ports in case anyone else runs into this and Cc'd
the port maintainer in case he doesn't read every message on that list
(very likely if he has a life and/or a job).
Curtis