On Tue, Dec 03, 2002, Vaclav Ovsik via RT wrote:

> Tue Dec 3 13:56:10 2002: Request 20 was acted upon.
>  Transaction: Correspondence added by [EMAIL PROTECTED]
>        Queue: OpenSSL-Bugs
>      Subject: [openssl.org #20] patch for asn1_d2i_read_bio() to detect truncated data
>        Owner: steve
>   Requestors: [EMAIL PROTECTED]
>       Status: open
>  Ticket <URL: //www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=20 >
> -------------------------------------------------------------------------
>
> Hello,
> my colleague Jan Hofmann experimented with new ASN.1 code from
> openssl-0.9.7-beta4. He achieved buggy behavior when parsing
> incomplete (truncated) DER data under specific conditions.
> Openssl does not detect any error while parsing truncated DER data.
> He asked on openssl-users mailing list without response.
> I tried to debug his code down into libcrypto and localized bug
> in function asn1_d2i_read_bio().
> I found this problem in RT/openssl.org since May 2002 (Id #20).
>

What do you mean "buggy behaviour"?

OpenSSL ASN1 code expects a complete structure only and should produce an
error if it is incomplete, at least at the d2i_XXX level.

Steve.
--
Dr. Stephen Henson      [EMAIL PROTECTED]
OpenSSL Project         http://www.openssl.org/~steve/
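
The "complete structure only" expectation discussed in this thread, shown as an added example; it is not OpenSSL code and not the patch attached to the ticket. The names der_header, der_walk and der_check and the sample byte strings are constructed for illustration, and only single-byte tags and definite lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_MALFORMED = -2 };

/* Constructed sample: SEQUENCE { INTEGER 5, OCTET STRING "abc" } */
static const unsigned char SAMPLE[] = {0x30,0x08, 0x02,0x01,0x05, 0x04,0x03,'a','b','c'};
/* Constructed sample: all bytes present, but the inner length overruns the SEQUENCE */
static const unsigned char BAD_INNER[] = {0x30,0x03, 0x04,0x05,'a'};

/* Decode one identifier/length header; only single-byte tags are handled here. */
static int der_header(const unsigned char *b, size_t avail, size_t *hdr, size_t *len)
{
    size_t n, i;
    if (avail < 2) return DER_TRUNCATED;
    if ((b[0] & 0x1f) == 0x1f) return DER_MALFORMED;        /* multi-byte tag */
    *hdr = 2; *len = b[1];
    if (b[1] < 0x80) return DER_OK;                         /* short-form length */
    n = b[1] & 0x7f;
    if (n == 0 || n > sizeof(size_t)) return DER_MALFORMED; /* indefinite / too wide */
    if (avail - 2 < n) return DER_TRUNCATED;                /* length octets cut off */
    for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | b[2 + i];
    *hdr = 2 + n; return DER_OK;
}

/* Verify one element is fully present; recurse so children stay inside their parent. */
static int der_walk(const unsigned char *b, size_t avail, int depth, size_t *total)
{
    size_t hdr = 0, len = 0, off, child = 0;
    int rc = der_header(b, avail, &hdr, &len);
    if (rc != DER_OK) return rc;
    if (len > avail - hdr) return DER_TRUNCATED;   /* declared length exceeds input */
    if (depth > 32) return DER_MALFORMED;          /* cap recursion on hostile input */
    for (off = 0; (b[0] & 0x20) && off < len; off += child)
        if (der_walk(b + hdr + off, len - off, depth + 1, &child) != DER_OK)
            return DER_MALFORMED;                  /* child overruns its parent */
    *total = hdr + len;
    return DER_OK;
}

int der_check(const unsigned char *b, size_t avail)
{
    size_t total = 0;
    return der_walk(b, avail, 0, &total);
}
int main(void)
{
    printf("full=%d cut=%d ", der_check(SAMPLE, sizeof SAMPLE), der_check(SAMPLE, 7));
    printf("inner=%d\n", der_check(BAD_INNER, sizeof BAD_INNER));
    return 0;
}
```

The caller can tell "need more bytes" (DER_TRUNCATED at the outer level) apart from "bytes are all here but the structure lies about its lengths" (DER_MALFORMED), which is the distinction a stream reader has to get right before handing data to a decoder.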