Bug 21248

Summary: openssl dumps core with blank passwords
Product: Base System Reporter: hroi <hroi>
Component: binAssignee: Kris Kennaway <kris>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-STABLE   
Hardware: Any   
OS: Any   

Description hroi 2000-09-13 12:00:01 UTC 
openssl dumps core when entering a blank password for encryption.

Fix: 

not known.
How-To-Repeat: 
echo hello | openssl des | openssl base64
<enter>
<enter>

coredump.
Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2000-09-16 12:22:08 UTC 
Responsible Changed
From-To: freebsd-bugs->kris

Over to Open{SSH, SSL} maintainer.
Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2000-09-17 06:58:41 UTC 
The problem is actually with the last command in the pipe (openssl
base64) when it received 0-length input. I have submitted the bug report
to the OpenSSL developers and will commit a patch once it has been fixed.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
Comment 3 Kris Kennaway freebsd_committer freebsd_triage 2000-09-17 06:58:57 UTC 
State Changed
From-To: open->analyzed

Problem verified, bug report submitted to OpenSSL
Comment 4 Kris Kennaway freebsd_committer freebsd_triage 2002-08-24 04:51:23 UTC 
State Changed
From-To: analyzed->closed

This bug seems to be resolved in recent versions of openssl.