Re: unchecked buffer

Dr Stephen Henson Tue, 15 Aug 2000 17:18:27 -0700
Seth Arnold wrote:
> 
> Greetings everyone.
> 
> A co-worker of mine, Wes Santee, has discovered what appears to be an
> unchecked buffer in the RSAeay code in OpenSSL. The functions
> RSA_eay_private_encrypt and RSA_eay_public_encrypt accept a *to parameter
> but they don't seem to check its size before writing data to it.
> 

They don't but thats because the amount of data written can never exceed
RSA_size(rsa_key).

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: unchecked buffer

Reply via email to
