From hroi@hs.netgroup.dk  Wed Sep 13 03:51:20 2000
Return-Path: <hroi@hs.netgroup.dk>
Received: from secure.webhotel.net (secure.webhotel.net [195.41.202.80])
	by hub.freebsd.org (Postfix) with SMTP id 0B2A937B42C
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Sep 2000 03:51:19 -0700 (PDT)
Received: (qmail 106641 invoked from network); 13 Sep 2000 10:47:49 -0000
Received: from mail-gateway.webhotel.net (195.41.202.215)
  by mail.webhotel.net with SMTP; 13 Sep 2000 10:47:49 -0000
Received: (from hroi@localhost)
	by hs.netgroup.dk (8.11.0/8.9.3) id e8DApoo01002;
	Wed, 13 Sep 2000 12:51:50 +0200 (CEST)
	(envelope-from hroi)
Message-Id: <200009131051.e8DApoo01002@hs.netgroup.dk>
Date: Wed, 13 Sep 2000 12:51:50 +0200 (CEST)
From: hroi@netgroup.dk
Sender: hroi@hs.netgroup.dk
Reply-To: hroi@netgroup.dk
To: FreeBSD-gnats-submit@freebsd.org
Subject: openssl dumps core with blank passwords
X-Send-Pr-Version: 3.2

>Number:         21248
>Category:       bin
>Synopsis:       openssl dumps core with blank passwords
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kris
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 13 04:00:01 PDT 2000
>Closed-Date:    Fri Aug 23 20:51:49 PDT 2002
>Last-Modified:  Fri Aug 23 20:51:49 PDT 2002
>Originator:     Hroi Sigurdsson
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
Netgroup
>Environment:

freebsd 4.1	

>Description:

openssl dumps core when entering a blank password for encryption.

>How-To-Repeat:

echo hello | openssl des | openssl base64
<enter>
<enter>

coredump.

>Fix:

not known.	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->kris 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sat Sep 16 04:22:08 PDT 2000 
Responsible-Changed-Why:  
Over to Open{SSH, SSL} maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21248 
State-Changed-From-To: open->analyzed 
State-Changed-By: kris 
State-Changed-When: Sat Sep 16 22:58:57 PDT 2000 
State-Changed-Why:  
Problem verified, bug report submitted to OpenSSL 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21248 

From: Kris Kennaway <kris@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, hroi@netgroup.dk
Cc:  
Subject: Re: bin/21248: openssl dumps core with blank passwords
Date: Sat, 16 Sep 2000 22:58:41 -0700 (PDT)

 The problem is actually with the last command in the pipe (openssl
 base64) when it received 0-length input. I have submitted the bug report
 to the OpenSSL developers and will commit a patch once it has been fixed.
 
 Kris
 
 --
 In God we Trust -- all others must submit an X.509 certificate.
     -- Charles Forsythe <forsythe@alum.mit.edu>
 
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: kris 
State-Changed-When: Fri Aug 23 20:51:23 PDT 2002 
State-Changed-Why:  
This bug seems to be resolved in recent versions of openssl. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21248 
>Unformatted:
