This is version 2 of this patch. Apply by doing: cd /usr/src patch -p0 < 001_openssl.patch And then rebuild and install the library and statically-linked binaries that depend upon it: cd lib/libssl make obj make depend make includes make make install cd ../../sbin make obj make depend make make install Index: lib/libssl/src/crypto/asn1/asn1.h =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/asn1/asn1.h,v retrieving revision 1.10 diff -u -p -r1.10 asn1.h --- lib/libssl/src/crypto/asn1/asn1.h 6 Sep 2008 12:17:48 -0000 1.10 +++ lib/libssl/src/crypto/asn1/asn1.h 8 Apr 2009 00:26:37 -0000 @@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 Index: lib/libssl/src/crypto/asn1/asn1_err.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/asn1/asn1_err.c,v retrieving revision 1.9 diff -u -p -r1.9 asn1_err.c --- lib/libssl/src/crypto/asn1/asn1_err.c 6 Sep 2008 12:17:48 -0000 1.9 +++ lib/libssl/src/crypto/asn1/asn1_err.c 8 Apr 2009 00:26:37 -0000 @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, Index: lib/libssl/src/crypto/asn1/tasn_dec.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/asn1/tasn_dec.c,v retrieving revision 1.8 diff -u -p -r1.8 tasn_dec.c --- lib/libssl/src/crypto/asn1/tasn_dec.c 9 Jan 2009 12:15:27 -0000 1.8 +++ lib/libssl/src/crypto/asn1/tasn_dec.c 8 Apr 2009 00:26:37 -0000 @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VAL err: ASN1_template_free(val, tt); - *val = NULL; return 0; } @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_ err: ASN1_template_free(val, tt); - *val = NULL; return 0; } @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const case V_ASN1_SET: case V_ASN1_SEQUENCE: default: + if (utype == V_ASN1_BMPSTRING && (len & 1)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + goto err; + } + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + goto err; + } /* All based on ASN1_STRING and handled the same */ if (!*pval) {