hi!
one of my colleagues, Meelis Roos, found a bug in ASN1 routines.
ASN1_STRING_set allocates one extra byte for terminating '\0', so that one
can use str* functions directly. however it (correctly) doesn't reflect
this extra byte in length field. there are two other routines which create
strings. d2i_ASN1_type_bytes correctly allocates extra byte and sets the
terminator, but more often used d2i_ASN1_bytes doesn't.
d2i_ASN1_OCTET_STRING uses d2i_ASN1_bytes and does not allocate extra
byte. now calling ASN1_OCTET_STRING_set with exactly same length as
previously allocated causes one byte to be overwritten with '\0'.
sometimes it's really disastrous. i think that d2i_ASN1_bytes (and
perhaps some other routines) should be fixed, to allocate this extra
byte.
arne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
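The off-by-one reported above, as an added example in C. It is a simplified model and not OpenSSL source. `toy_string`, `toy_decode`, `toy_set`, `demo` and the `cap` field are hypothetical names, and the rule that the setter reuses the existing buffer whenever the stored length is large enough is an assumption taken from the behaviour the message describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not OpenSSL source. cap is the true allocation size. */
typedef struct { int length; size_t cap; unsigned char *data; } toy_string;

/* Decoder: pad=0 allocates exactly len bytes (the reported pattern),
 * pad=1 allocates len + 1 and writes the terminator (the proposed fix). */
static toy_string *toy_decode(const unsigned char *src, int len, int pad)
{
    toy_string *s = malloc(sizeof(*s));
    if (s == NULL) return NULL;
    s->cap = (size_t)len + (pad ? 1 : 0);
    s->data = malloc(s->cap ? s->cap : 1);
    if (s->data == NULL) { free(s); return NULL; }
    memcpy(s->data, src, (size_t)len);
    if (pad) s->data[len] = '\0';
    s->length = len;
    return s;
}

/* Setter: reuses the buffer when length >= len (assumed reuse rule), then
 * terminates. Returns 0 ok, -1 out of memory, 1 if the '\0' would land one
 * byte past the allocation; the model refuses that write. */
static int toy_set(toy_string *s, const unsigned char *src, int len)
{
    if (s->length < len || s->data == NULL) {
        unsigned char *p = realloc(s->data, (size_t)len + 1);
        if (p == NULL) return -1;
        s->data = p;
        s->cap = (size_t)len + 1;
    }
    if ((size_t)len + 1 > s->cap) return 1;
    memcpy(s->data, src, (size_t)len);
    s->data[len] = '\0';
    s->length = len;
    return 0;
}

/* Decode 4 constructed bytes, then set 4 bytes again; report toy_set(). */
static int demo(int pad)
{
    static const unsigned char a[4] = {1, 2, 3, 4}, b[4] = {5, 6, 7, 8};
    toy_string *s = toy_decode(a, 4, pad);
    int rc = s ? toy_set(s, b, 4) : -1;
    if (s) { free(s->data); free(s); }
    return rc;
}
int main(void) { printf("exact=%d padded=%d\n", demo(0), demo(1)); return 0; }
```

The length field alone cannot tell the setter whether the extra byte exists, which is why every routine that creates a string has to follow the same len + 1 convention.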