req command crashes using config file containing passwords

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

req command crashes using config file containing passwords

Michel

Hi,

 

I have some tests scripts that were working well with 1.0.2 and are crashing using v1.1 (Windows 7).

 

They are failing when calling the 'req' command with a configure script containing input_password/output password :

 

openssl req -new -batch -key RootCA.key -out RootCA.csr -config RootCA.cnf

 

"Access violation reading location … "(when freeing output password)

 

here under the call stack :

openssl.exe!CheckBytes(unsigned char * pb, unsigned char bCheck, unsigned int nSize) Line 1696       C++

openssl.exe!_free_dbg_nolock(void * pUserData, int nBlockUse) Line 1300     C++

openssl.exe!_free_dbg(void * pUserData, int nBlockUse) Line 1265     C++

openssl.exe!free(void * pUserData) Line 49      C++

openssl.exe!CRYPTO_free(void * str, const char * file, int line) Line 226              C

openssl.exe!req_main(int argc, char * * argv) Line 866                C

openssl.exe!do_cmd(lhash_st_FUNCTION * prog, int argc, char * * argv) Line 620        C

openssl.exe!main(int argc, char * * argv) Line 324          C

 

Let me know if I can help more.

 

Regards,

 

Michel.


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: req command crashes using config file containing passwords

Viktor Dukhovni
On Mon, Feb 29, 2016 at 03:51:02PM +0100, Michel wrote:

> They are failing when calling the 'req' command with a configure script
> containing input_password/output password :

Please try the patch below:

--
        Viktor.

diff --git a/apps/req.c b/apps/req.c
index 693acc2..b128fa8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -198,7 +198,9 @@ int req_main(int argc, char **argv)
     char *extensions = NULL, *infile = NULL;
     char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
     char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
-    char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *nofree_passin = NULL, *nofree_passout = NULL;
+    char *req_exts = NULL, *subj = NULL;
     char *template = default_config_file, *keyout = NULL;
     const char *keyalg = NULL;
     OPTION_CHOICE o;
@@ -436,15 +438,17 @@ int req_main(int argc, char **argv)
         }
     }
 
-    if (!passin) {
-        passin = NCONF_get_string(req_conf, SECTION, "input_password");
-        if (!passin)
+    if (passin == NULL) {
+        passin = nofree_passin =
+            NCONF_get_string(req_conf, SECTION, "input_password");
+        if (passin == NULL)
             ERR_clear_error();
     }
 
-    if (!passout) {
-        passout = NCONF_get_string(req_conf, SECTION, "output_password");
-        if (!passout)
+    if (passout == NULL) {
+        passout = nofree_passout =
+            NCONF_get_string(req_conf, SECTION, "output_password");
+        if (passout == NULL)
             ERR_clear_error();
     }
 
@@ -862,8 +866,10 @@ int req_main(int argc, char **argv)
     X509_REQ_free(req);
     X509_free(x509ss);
     ASN1_INTEGER_free(serial);
-    OPENSSL_free(passin);
-    OPENSSL_free(passout);
+    if (passin != nofree_passin)
+        OPENSSL_free(passin);
+    if (passout != nofree_passout)
+        OPENSSL_free(passout);
     OBJ_cleanup();
     return (ret);
 }
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: req command crashes using config file containing passwords

Michel
Hi Viktor,

With your patch applied, I can confirm that the 'req' command now run just
fine.

Thanks,

Michel.
 
-----Message d'origine-----
De : openssl-dev [mailto:[hidden email]] De la part de
Viktor Dukhovni
Envoyé : lundi 29 février 2016 19:00
À : [hidden email]
Objet : Re: [openssl-dev] req command crashes using config file containing
passwords

On Mon, Feb 29, 2016 at 03:51:02PM +0100, Michel wrote:

> They are failing when calling the 'req' command with a configure script
> containing input_password/output password :

Please try the patch below:

--
        Viktor.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev