#1295 Curl exception during dump cert

closed-fixed
Dump cert (1)
2
2013-11-05
2013-11-04
Felix Yan
No

Exception happens during dump cert

Curl wants to dump a certificate from cert chain. But the certificate string doesn't have "\0" at the end(OpenSSL returned the starting address and the length of the cert). So the exception happens during do strlen() operation.

The problem is introduced from Curl 7.32.0. Checked the codes in Curl7.33.0. The problem should not be fixed in the latest version.

Function call steps about dumpcert:
static void dumpcert(struct SessionHandle data, X509 x, int numcert) // Ssluse.c
--> Curl_ssl_push_certinfo_len(data, numcert, "Cert", biomem->data, biomem->length); // Sslgen.c
// biomem->data is the starting address of certificate.
// biomem->length is the length of certificate.
--> curl_maprintf("%s:%.s", label, valuelen, value); // Mprinft.c
// valuelen is the length of certificate.
// value is the starting address of certificate.
--> dprintf_formatf(&info, alloc_addbyter, format, ap_save); // Mprinft.c
{
...
case FORMAT_STRING:
{
str = (char
) p->data.str; // "str" is the starting address of certificate.
len = strlen(str); // If the "str" is not terminate with "\0", an exception maybe happens.
...
}
}

strlen() pops up exception in my core dump.

Crul version: 7.32.0
OpenSSL version: 1.0.1e
Platform: Win7 X86

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2013-11-05
    • status: open --> closed-fixed
    • assigned_to: Daniel Stenberg
     
  • Daniel Stenberg

    Daniel Stenberg - 2013-11-05

    Thanks a lot for your report.

    I just pushed a fix for this regression so it'll be repaired in the next release. (commit 5aa290f0f209)

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks