How do I apply the following fix to openssl version 0.9.6d?
Invalid ASN1 DSA parameter sequences cause d2i_DSAparams() to free a data
pointer twice, leading to the usual boring chaos. Fix is appended below.
This same bug appears in the following functions (same fix): d2i_DHparams()
d2i_RSAPrivateKey() d2i_DSA_SIG() Glad to see Rijndael and OCSP in the
latest snapshots. -- Ken Lalonde, Torus Inc, Toronto Canada
diff -c -r1.1 d2i_dsap.c
*** d2i_dsap.c 2000/11/15 19:56:58 1.1
--- d2i_dsap.c 2000/11/15 19:57:02
***************
*** 84,89 ****
--- 84,90 ----
if ((ret-g=BN_bin2bn(bs-data,bs-length,ret-g)) == NULL) goto err_bn;
M_ASN1_BIT_STRING_free(bs);
+ bs = NULL;
M_ASN1_D2I_Finish_2(a);
Jeff Turner
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
