Arne Ansper wrote:
> 
> hi!
> 
> I would like to report some bugs in SSLeay. Unfortunately I don't have
> diffs against the latest OpenSSL source, but the fixes are really small, so I
> hope it's not too much trouble to incorporate them.
> 
> 1) crypto/bio/b_printf.c uses a static buffer for vsprintf, which might
> overflow. We should use vsnprintf. No source code to fix this bug :(

Sigh. This means snarfing the snprintf stuff from, for instance, Apache.
I'll think about it.

> 2) crypto/bio/bf_buff.c buffer_ctrl BIO_CTRL_FLUSH must flush the
> underlying bios after write. (insert BIO_ctrl(b->next_bio,cmd,num,ptr);
> before last break;)

Fixed.

> 3) crypto/bio/bf_buff.c buffer_gets does not insert the final '\n' into the
> buffer, so it is not semantically equivalent to fgets. This is my version
> of buffer_gets:

My reading of the current OpenSSL source says this is fixed. It'd be
nice if you could confirm that.

> 4) crypto/bio/bss_sock.c BIO_sock_should_retry has the following code:
> 
> #if defined(WINDOWS) /* more microsoft stupidity */
>                 if ((i == -1) && (err == 0))
>                         return(1);
> #endif

You've convinced me. I've committed the fix.

> 5) crypto/err/err.c ERR_get_state has a static variable fallback. This
> should be initialized before returning a pointer to it.

As far as I can see it is only used when allocation fails. In this case,
what should it be initialised to?

> 6) crypto/rsa/rsa_enc.c RSA_eay_mod_exp at the end:
> 
> -       BN_CTX_free(ctx);
> +       if (ctx != NULL ) BN_CTX_free(ctx);
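Review bot: the NULL guard belongs inside BN_CTX_free() rather than at this call site: a free routine that tolerates NULL covers every caller that can reach its cleanup path with an unallocated context, whereas this hunk fixes only RSA_eay_mod_exp. If the call-site guard is kept, drop the stray space before the closing parenthesis in `if (ctx != NULL ) BN_CTX_free(ctx);` to match the surrounding style.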

In fact rsa_enc.c is not used (any more?), but I made the equivalent
change to rsa_eay.c.

> 7) crypto/x509/x509name.c X509_NAME_add_entry frees wrong name entry in
> case of error:
> 
>  err:
>         if (new_name != NULL)
> -               X509_NAME_ENTRY_free(ne);
> +               X509_NAME_ENTRY_free(new_name);
>         return(0);
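Review bot: the guard `if (new_name != NULL)` and the free now name the same object, whereas freeing `ne` on the error path returned the caller's entry to the heap while the caller still held a pointer to it. Worth confirming that `new_name` is initialised to NULL before the first point that can jump to `err:`, so the guard is meaningful on every early exit, and that no other cleanup path in the function still frees `ne`.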

Fixed.

> 8) ssl/s2_pkt.c and ssl/s3_pkt.c write_pending and ssl3_write_pending have
> an unnecessary check at the beginning which stops me from moving data around
> in my buffers between calls to SSL_write. This data is already copied to
> internal buffers, and there is no need for this check. I tested SSLeay
> without this check (non-blocking sockets and stuff) on various
> platforms, and everything worked as expected.
> 
>         if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
>                 || (s->s3->wpend_type != type))
>                 {
>                 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
>                 return(-1);
>                 }

I'm reluctant to commit this. It seems to me that you need to find a way
to fix things up if you move data around (why do you do that anyway?).

> I have a couple of bigger additions to SSLeay too: I added write capability
> to the conf module and rewrote it to use BIO; a bio_log module for logging to
> syslog/event log, and a bio_reliable module for creating reliable streams. I
> can send them directly to someone in the core team for addition if you are
> interested.

They sound interesting. I'd really prefer it if they patched against the
current version, of course...

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Ghandi
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
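As an added illustration of the point in item 1 above (a fixed-size buffer formatted with vsprintf has no bound, and vsnprintf is the fix), here is the bounded pattern beside the unbounded one. This is example code written for this page, not SSLeay, OpenSSL or Ben's code; the function names (fmt_bounded, fmt_truncated, the demo_* helpers), the 64-byte buffer size and the 199-byte constructed input are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not SSLeay/OpenSSL code. vsprintf() into a fixed-size
 * buffer has no length bound, so a long %s argument writes past the end.
 * vsnprintf() bounds the write and (C99) returns the length the complete
 * output would need, which lets the caller detect truncation instead of
 * silently corrupting memory. All names and sizes here are assumptions. */

#define FMT_BUF_SIZE 64   /* assumed capacity of the formatting buffer */

/* The unsafe pattern being replaced; shown only for contrast and never
 * called below. With a long argument it writes past buf. */
int fmt_unbounded_DO_NOT_USE(char *buf, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsprintf(buf, fmt, ap);   /* no length: overflows on long input */
    va_end(ap);
    return n;
}

/* Formats into buf[cap]; always NUL-terminates when cap > 0. Returns the
 * number of characters the complete output needs (excluding the NUL), so
 * a value >= cap means the stored copy was cut short; -1 on an encoding
 * error reported by vsnprintf(). */
int fmt_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return needed;
}

/* 1 if fmt_bounded() reported truncation or an error, 0 if everything fit. */
int fmt_truncated(int needed, size_t cap)
{
    return needed < 0 || (size_t)needed >= cap;
}

/* Constructed input: a 199-byte run of 'A' standing in for an attacker-
 * controlled string far longer than FMT_BUF_SIZE. */
static void make_long_arg(char *out, size_t len)
{
    memset(out, 'A', len - 1);
    out[len - 1] = '\0';
}

/* Buffer followed by guard bytes; struct members are laid out in order,
 * so any write past buf[] would land in canary[]. */
struct guarded {
    char buf[FMT_BUF_SIZE];
    char canary[8];
};

/* Length the full "error: <199 x A>" message needs: 7 + 199 = 206. */
int demo_needed_length(void)
{
    struct guarded g;
    char longarg[200];
    make_long_arg(longarg, sizeof(longarg));
    return fmt_bounded(g.buf, sizeof(g.buf), "error: %s", longarg);
}

/* Bytes actually stored for the same call (63 characters plus the NUL),
 * or -1 if the guard bytes after the buffer were disturbed. */
int demo_stored_length(void)
{
    struct guarded g;
    char longarg[200];
    memcpy(g.canary, "CANARY!", 8);
    make_long_arg(longarg, sizeof(longarg));
    fmt_bounded(g.buf, sizeof(g.buf), "error: %s", longarg);
    if (memcmp(g.canary, "CANARY!", 8) != 0)
        return -1;
    return (int)strlen(g.buf);
}

/* Whether the long message was flagged as truncated (expected: 1). */
int demo_long_flagged(void)
{
    struct guarded g;
    char longarg[200];
    make_long_arg(longarg, sizeof(longarg));
    return fmt_truncated(fmt_bounded(g.buf, sizeof(g.buf), "error: %s", longarg),
                         sizeof(g.buf));
}

/* Whether a short message fits and round-trips intact (expected: 1). */
int demo_short_fits(void)
{
    struct guarded g;
    int needed = fmt_bounded(g.buf, sizeof(g.buf), "error: %s", "short");
    return !fmt_truncated(needed, sizeof(g.buf)) &&
           strcmp(g.buf, "error: short") == 0;
}

int main(void)
{
    printf("needed=%d stored=%d truncated=%d short_ok=%d\n",
           demo_needed_length(), demo_stored_length(),
           demo_long_flagged(), demo_short_fits());
    return 0;
}
```

The caller still has to act on the return value: a BIO_printf-style routine that only writes what fitted should either report the short count to its caller or grow the buffer and retry, otherwise the truncation is silent even though it is no longer a memory-safety bug.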
