Experimenting with "openssl smime -decrypt", I found that it did not detect that a message was truncated. Changing line 173 of crypto/asn1/a_d2i_fp.c from if (i <= 0) to if (i < want) fixes the problem. I think this is the right code for all cases, but somebody who actually understands the whole ASN parsing framework should probably check it out.
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
