In <http://bugs.debian.org/513539> Kurt Roeckx reported:
I was looking at return codes for applications making use of
openssl functions and found this in crypto/wvx509.cc:
```cpp
int verify_result = X509_REQ_verify(certreq, pk);
if (verify_result == 0)
{
    debug(WvLog::Warning, "Self signed request failed");
    X509_REQ_free(certreq);
    EVP_PKEY_free(pk);
    return WvString::null;
}
else
{
    debug("Self Signed Certificate Request verifies OK!\n");
}
```
X509_REQ_verify() is a function that returns the value of
ASN1_item_verify() which can return -1 in case the message
digest type is not known or there is an out of memory condition.
I have no idea how exactly this is used or what the
consequences of this are.
If the attacker cannot specify the certificate that is being
used there probably isn't any serious problem.
What version of the product are you using? On what operating system?
The bug was originally reported against wvstreams 4.4.1, but it seems to exist
in 4.6.1, too.
Please provide any additional information below.
In Debian, we've fixed it with the attached patch.
Original issue reported on code.google.com by jwilk@jwilk.net on 30 Oct 2013 at 2:51
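The report above hinges on a three-valued return: X509_REQ_verify() hands back 1 when the signature verifies, 0 when it does not, and a negative value when verification could not be attempted at all (unknown digest type, out of memory). The wvx509.cc check treats only 0 as failure, so the error path lands in the "verifies OK" branch. The following is an added C example, not wvstreams code and not the Debian patch: it uses a constructed stand-in for X509_REQ_verify() (so it runs without linking libcrypto) and places the original check next to a hardened check that only accepts the documented success value. The names fake_req, fake_X509_REQ_verify, wvx509_check_accepts, hardened_check_accepts and count_wrongly_accepted are all assumptions made for this example.

```c
#include <stdio.h>

/* Added example (not wvstreams or OpenSSL code). It models the return
 * convention of X509_REQ_verify(), which passes through the result of
 * ASN1_item_verify():
 *    1 = signature verified
 *    0 = signature does not verify
 *   -1 = error before any verification happened (unknown message digest
 *        type, out of memory)
 * The stand-in below is constructed so all three outcomes can be exercised
 * offline without linking libcrypto. */
typedef struct {
    int digest_known;    /* 0 models "message digest type is not known" */
    int signature_valid; /* 1 models a request whose signature verifies  */
} fake_req;

/* Constructed stand-in for X509_REQ_verify(req, pkey). */
static int fake_X509_REQ_verify(const fake_req *req)
{
    if (!req->digest_known)
        return -1;                     /* error path, not a verdict       */
    return req->signature_valid ? 1 : 0;
}

/* The check as written in crypto/wvx509.cc: only 0 counts as failure,
 * so a -1 error result falls into the "verifies OK" branch. */
static int wvx509_check_accepts(int verify_result)
{
    if (verify_result == 0)
        return 0;                      /* "Self signed request failed"   */
    return 1;                          /* everything else: "verifies OK" */
}

/* Hardened check (an assumption for this example, not Debian's patch):
 * only the documented success value 1 is success. 0 and negative values
 * are both rejected; negative values are reported separately so a caller
 * can log them or drain the OpenSSL error queue. */
static int hardened_check_accepts(int verify_result)
{
    if (verify_result == 1)
        return 1;
    if (verify_result < 0)
        fprintf(stderr, "X509_REQ_verify error (%d); treating as failure\n",
                verify_result);
    return 0;
}

/* Number of requests the original check accepts but the hardened check
 * rejects; any nonzero count is the defect from the report. */
static int count_wrongly_accepted(const fake_req *reqs, int n)
{
    int wrong = 0;
    for (int i = 0; i < n; i++) {
        int rc = fake_X509_REQ_verify(&reqs[i]);
        if (wvx509_check_accepts(rc) && !hardened_check_accepts(rc))
            wrong++;
    }
    return wrong;
}

int main(void)
{
    /* Constructed sample requests: good signature, bad signature, and a
     * request whose digest algorithm the verifier does not know. */
    const fake_req reqs[3] = {
        { 1, 1 },   /* verifies        -> rc  1 */
        { 1, 0 },   /* does not verify -> rc  0 */
        { 0, 0 },   /* unknown digest  -> rc -1 */
    };
    for (int i = 0; i < 3; i++) {
        int rc = fake_X509_REQ_verify(&reqs[i]);
        printf("rc=%2d  wvx509 accepts=%d  hardened accepts=%d\n",
               rc, wvx509_check_accepts(rc), hardened_check_accepts(rc));
    }
    printf("requests wrongly accepted by the original check: %d\n",
           count_wrongly_accepted(reqs, 3));
    return 0;
}
```

The general rule this illustrates applies to every OpenSSL verify-style call that returns 1/0/negative: compare against 1 for success rather than against 0 for failure, and treat a negative result as an error to log (ERR_get_error() in real code) rather than as a verdict either way.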