Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matt Caswell
On 16/09/16 08:09, sivagopiraju wrote: > And a small understanding. > > We are supplying buffer is about to 128 bytes to fill the converted message, > So, if the obj(ASN1_OBJECT) size is more than that(supplied buffer) size > OBJ_obj2txt will do truncate and will return the obj(ASN1_OBJECT)

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
On Friday, September 16, 2016 at 08:57:30AM +0100, Matt Caswell wrote: > >> int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); > >> > >> OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The > >> representation is written as a null

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
On Thursday, September 15, 2016 at 09:00:07PM -0700, sivagopiraju wrote: > - int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); > -BIO_write(bio, obj_txt, len); > -BIO_write(bio, "\n", 1); > +OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); > +BIO_printf(bio,
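
Review bot: the added `OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);` line discards the return value, so a result that was truncated to fit `sizeof(obj_txt)` now passes silently. The removed `BIO_write(bio, obj_txt, len)` was the real problem, because it used that return value as a byte count for the buffer; dropping it fixes the over-read, but I would still keep `int len = ...` and treat `len >= (int)sizeof(obj_txt)` as truncation worth reporting. The `BIO_printf(bio,` line is cut off in this excerpt; the buffer should go in as an argument to a `"%s"` format, not as the format string itself.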

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread sivagopiraju
int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The representation is written as a null terminated string to buf at most buf_len bytes are written, truncating the result if necessary.* The total

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matthias Apitz
On Thursday, September 15, 2016 at 10:35:34PM -0700, sivagopiraju wrote: > int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); > > OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The > representation is written as a null terminated

Re: [openssl-users] Customize Windows library names

2016-09-16 Thread Richard Levitte
In message on Fri, 16 Sep 2016 09:43:37 +0200, Kim Gräsman said: kim.grasman> Hi Richard, kim.grasman> kim.grasman> On Fri, Sep 16, 2016 at 12:08 AM, Richard Levitte wrote:

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread sivagopiraju
And a small understanding. We are supplying buffer is about to 128 bytes to fill the converted message, So, if the obj(ASN1_OBJECT) size is more than that(supplied buffer) size OBJ_obj2txt will do truncate and will return the obj(ASN1_OBJECT) message length. It results in more than 128(returned

Re: [openssl-users] Customize Windows library names

2016-09-16 Thread Kim Gräsman
Hi Richard, On Fri, Sep 16, 2016 at 12:08 AM, Richard Levitte wrote: > In message > on Thu, > 15 Sep 2016 12:17:12 +0200, Kim Gräsman said: > > kim.grasman> I'm looking at

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread Matt Caswell
On 16/09/16 08:05, Matthias Apitz wrote: > On Thursday, September 15, 2016 at 10:35:34PM -0700, sivagopiraju > wrote: > >> int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); >> >> OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The >>

Re: [openssl-users] CVE-2016-2180

2016-09-16 Thread sivagopiraju
Thanks for the answers, I am going to change BIO_write to BIO_printf in my product for openssl. And finally one question, NULL terminator is surely within the 128 bytes of buffer? regards, Gopi.

[openssl-users] How to handle DTLS Certificate Reassembly Error

2016-09-16 Thread Chad Phillips
I’m using a support library leveraging openssl to complete a DTLS handshake. Occasionally, I’ll see in my packet captures that a handshake has failed with a “Certificate reassembly error”, and the support library doesn’t seem to be catching this properly to forward the error on. The library

Re: [openssl-users] How to handle DTLS Certificate Reassembly Error

2016-09-16 Thread Matt Caswell
On 16/09/16 19:47, Chad Phillips wrote: > I’m using a support library leveraging openssl to complete a DTLS handshake. You don't say what version of OpenSSL. The packet trace you sent is quite confusing, as there appears to be two separate handshakes going on at the same time that are