Please don't forget the enc_read.c bug fix.
From: Michael Rayment <[EMAIL PROTECTED]>
Subject: [ssl-bugs] Possible bug in crypto/des/enc_read.c
Date: Mon, 15 Feb 1999 00:45:01 -0330
I am using enc_read.c and enc_write.c to easily read and write data into
and from an encrypted file. I am reading and writing in large buffer sizes
and came across what appears to be a bug in the enc_read.c routine.
I added a few lines of code so that it would work and thought I would
pass the fix on to your group for evaluation and possible integration into
the distribution. I have noted this problem in several distrubutions but the
context diffs that I have included is based on SSLeay-0.9.0b.
Here is the following diffs
*** enc_read.c Sat Sep 12 14:19:38 1998
--- enc_read.c.org Thu Apr 9 09:29:29 1998
***************
*** 81,87 ****
static int unnet_start=0;
static int unnet_left=0;
static char *tmpbuf=NULL;
! int i, excess;
long num=0,rnum;
unsigned char *p;
--- 81,87 ----
static int unnet_start=0;
static int unnet_left=0;
static char *tmpbuf=NULL;
! int i;
long num=0,rnum;
unsigned char *p;
***************
*** 126,139 ****
}
/* We need to get more data. */
! /* if (len > MAXWRITE) len=MAXWRITE; */
! excess = 0;
! while (len > MAXWRITE) {
! i = des_enc_read(fd, buf, MAXWRITE, sched, iv);
! buf += i;
! len -= i;
! excess += i;
! }
/* first - get the length */
while (net_num < HDRSIZE)
--- 126,132 ----
}
/* We need to get more data. */
! if (len > MAXWRITE) len=MAXWRITE;
/* first - get the length */
while (net_num < HDRSIZE)
***************
*** 220,225 ****
DES_DECRYPT);
}
}
! return((int)num + excess);
}
--- 213,218 ----
DES_DECRYPT);
}
}
! return((int)num);
}
Hope this is of value and thanks very much for your efforts.
---
Michael Rayment
Department of Computer Science
Memorial University of Newfoundlandd.c
Phone: (709) 737-8711 Fax: (709) 737-2009
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
