[openssl.org #1402] x509v3 policy initialization bug

2006-10-05 Thread Aaron Campbell via RT

Found this bug in OpenSSL 0.9.8d source.  A logical AND is being used
where a bitwise AND is clearly intended.  If I understand correctly, the
bug would allow any matching even if the certificate was not self
issued, at least in circumstances where x->ex_flags != 0.  I don't know
this system well enough to comment accurately on any further security
implications; I'll leave that to you guys.

--- crypto/x509v3/pcy_tree.c.orig   Thu Oct  5 12:20:10 2006
+++ crypto/x509v3/pcy_tree.cThu Oct  5 12:20:22 2006
@@ -197,7 +197,7 @@
/* Any matching allowed if certificate is self
 * issued and not the last in the chain.
 */
-   if (!(x-ex_flags  EXFLAG_SS) || (i == 0))
+   if (!(x-ex_flags  EXFLAG_SS) || (i == 0))
level-flags |= X509_V_FLAG_INHIBIT_ANY;
}
else
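Review bot: the `-` and `+` lines of the `EXFLAG_SS` test read identically in the archived hunk, apparently because the `&` characters were dropped in transit, so the change cannot be verified from the hunk as shown; please resubmit with the operators intact. Taking the covering message at its word (old line `!(x->ex_flags && EXFLAG_SS)`, new line `!(x->ex_flags & EXFLAG_SS)`), the logic point stands: with `&&`, the parenthesised term is true for any certificate whose `ex_flags` is nonzero, so the negation fails and `X509_V_FLAG_INHIBIT_ANY` is set only when `i == 0`. A non-self-issued intermediate that has any other extension flag set therefore keeps anyPolicy matching enabled, which contradicts the comment directly above ("Any matching allowed if certificate is self issued and not the last in the chain"). A regression test with a chain whose non-self-issued intermediate asserts anyPolicy would catch this class of slip.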

---
Aaron Campbell [EMAIL PROTECTED]
Software Engineer, Arbor Networks, Inc.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


[openssl.org #692] off-by-one bugs

2003-09-19 Thread Aaron Campbell via RT

(Excuse the filenames, patch generated from OpenBSD -current sources.)

Index: lib/libssl/src/apps/openssl.c
===
RCS file: /cvs/src/lib/libssl/src/apps/openssl.c,v
retrieving revision 1.8
diff -u -r1.8 openssl.c
--- lib/libssl/src/apps/openssl.c   12 May 2003 02:18:35 -  1.8
+++ lib/libssl/src/apps/openssl.c   19 Sep 2003 14:38:36 -
@@ -163,7 +163,7 @@
goto err;
}

-   if (type  0 || type  CRYPTO_NUM_LOCKS)
+   if (type  0 || type = CRYPTO_NUM_LOCKS)
{
errstr = type out of bounds;
goto err;
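Review bot: the change at the `CRYPTO_NUM_LOCKS` bound (from `>` to `>=`; the comparison characters are missing in the archived text but the context leaves no doubt) is the correct fix: valid lock types are `0` to `CRYPTO_NUM_LOCKS - 1`, so accepting `type == CRYPTO_NUM_LOCKS` lets the callback index one element past the end of the lock array instead of hitting the `type out of bounds` error path. Since the identical check is hand-copied into `ssl/ssltest.c`, both copies must change together (the second hunk does this); a single shared bounds check would stop the two from drifting again.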
Index: lib/libssl/src/ssl/ssltest.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/ssltest.c,v
retrieving revision 1.9
diff -u -r1.9 ssltest.c
--- lib/libssl/src/ssl/ssltest.c12 May 2003 02:18:40 -  1.9
+++ lib/libssl/src/ssl/ssltest.c19 Sep 2003 14:38:37 -
@@ -291,7 +291,7 @@
goto err;
}

-   if (type  0 || type  CRYPTO_NUM_LOCKS)
+   if (type  0 || type = CRYPTO_NUM_LOCKS)
{
errstr = type out of bounds;
goto err;
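Review bot: same off-by-one and same fix as in `apps/openssl.c`, and the two copies of the lock callback now agree. A test that drives the callback with `type == CRYPTO_NUM_LOCKS` and expects the `type out of bounds` error would guard both files against regression.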

---
Aaron Campbell ([EMAIL PROTECTED])
http://www.monkey.org/~aaron
