bugzilla at apache
Jun 23, 2009, 4:56 AM
Post #1 of 1
(154 views)
Permalink
|
|
[Bug 47408] New: segfault potential in modssl ssl_log_cxerror
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=47408
Summary: segfault potential in modssl ssl_log_cxerror
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: bugs[at]httpd.apache.org
ReportedBy: peter.sylvester[at]edelweb.fr
The ssl_log_cxerror routine in ssl_engine_log.c may receive a NULL pointer
as a certificate (caused foir exemple by some recent change in openssl.
that reurn a NULL pointer to a call to X509_STORE_CTX_get_current_cert
in some new logic concerning policy checks.
The routine could either simply return in case of a NULL parameter
or issue a static error message.
Alternatively the few callers could be fixed not to call the routine.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org
|
