As I recall, the rsaref2 buffer problems were exploitable, at least as
used by ssh.

Fortunately, things don't look so bad.

On a quick first look at openssl and openssh it appears that
RSA_sign/RSA_sign_ASN1_OCTET_STRING size the output buffer
appropriately and are not vulnerable; similarly, the calls to the same
function from openssh hand it an appropriately-sized buffer.

The interface really could stand some improvement, though.

                                        - Bill
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
