"Cliff Woolley" <[EMAIL PROTECTED]> wrote:
> Whoa, time out. In Ivan's original message, it said below the patch
> that the patch was only to demonstrate that this was generally where the
> problem was, not that it was a fix! He said:
>
> >- if ((v == B64_EOF) || (n >= 64))
> >+ if ((v == B64_EOF) || (n >= 68))
> >- if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
> >+ if ((v != B64_EOF) && (n >= 68)) exp_nl=1;
> >(i.e., the constant 64 is changed to 68), then the decoding will fail
> >for data that was 49 or 50 bytes long before encoding.
>
> So this applying this as a patch (which I see in the CVS tree has been
> done) wasn't the right thing to do at all, was it, Ivan?
Right, the patch was just to show that fiddling with the boundary
value predictably triggered the bug for the corresponding input
lengths. The bug itself is elsewhere -- I haven't tried to analyze
the rest of EVP_DecodeUpdate() or the calling routine in bio_b64.c.
So, the patch in my bug report is NOT a fix; sorry for the confusion,
perhaps I should have worded that part more clearly.
i.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
