Date: Sun, 20 Sep 2015 22:48:14 -0400 From: Curtis Villamizar <curtis@ipv6.occnc.com> To: openssl-dev@openssl.org, freebsd-ports@freebsd.org, dinoex@FreeBSD.org Cc: curtis@ipv6.occnc.com Subject: coding error in x509_vpm.c - param_cmp
| raw e-mail | index | archive | help
Hi there openssl experts,
It appears as though callers expect param_cmp to return 1 on success
and zero otherwise. strcmp returns zero if the two strings match.
See patch below in between the lines with 60 "-" character.
------------------------------------------------------------
--- crypto/x509/x509_vpm.c.orig 2015-07-09 07:57:15.000000000 -0400
+++ crypto/x509/x509_vpm.c 2015-09-21 14:58:52.191117000 -0400
@@ -591,7 +591,7 @@
static int param_cmp(const X509_VERIFY_PARAM *const *a,
const X509_VERIFY_PARAM *const *b)
{
- return strcmp((*a)->name, (*b)->name);
+ return (0 == strcmp((*a)->name, (*b)->name));
}
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
------------------------------------------------------------
Hi there FreeBSDers,
I've added this locally as files/patch-crypto_x509_x509_vpm.c in
/usr/ports/security/openssl. Please pick this up as a patch file in
the security/openssl port until fixed in openssl.
btw- I cc'd freebsd-ports in case anyone else runs into this and Cc'd
the port maintainer in case he doesn't read every message on that list
(very likely if he has a life and/or a job).
Curtis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>