On Tue, Dec 03, 2002, Vaclav Ovsik wrote:

> On Tue, Dec 03, 2002 at 03:10:26PM +0100, Stephen Henson via RT wrote:
> > What do you mean "buggy behaviour"? OpenSSL ASN1 code expects a complete
> > structure only and should produce an error if it is incomplete, at least at
>                    ^^^^^^^^^^^^^^^^^^^^^^^
>                    exactly
> 
> I mean that OpenSSL does not produce any error!
> My colleague sent an easy example that demonstrates this bug.
> (example is attached again)

Thanks. The example illustrates the problem nicely: if you check the actual
field z2->str in the example, it still has the correct length but its contents
aren't correct.

This is caused by asn1_d2i_read_bio() assuming in BIO_read() that the amount
of data supplied will always be that requested, which won't be the case on EOF
or error.

I've checked in a fix which should be in the next snapshots.

Steve.
--
Dr. Stephen Henson      [EMAIL PROTECTED]            
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
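
The short-read problem described in the message above, as an added example; it is not OpenSSL code and not the fix that was checked in. The hypothetical src_read() stands in for BIO_read() (it may return fewer bytes than requested, or 0 at EOF), and every name and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory source: hands out at most `chunk` bytes per call,
 * then 0 at EOF, the way a file or socket read may come back short. */
struct src { const unsigned char *data; size_t len, pos, chunk; };

static int src_read(struct src *s, unsigned char *out, int want)
{
    size_t left = s->len - s->pos, n = (size_t)want;
    if (n > left) n = left;
    if (n > s->chunk) n = s->chunk;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return (int)n;              /* 0 means EOF */
}

/* Flawed pattern: one read, return value ignored, caller trusts `want`. */
static int read_body_naive(struct src *s, unsigned char *buf, int want)
{
    (void)src_read(s, buf, want);
    return want;                /* right length, wrong contents if short */
}

/* Checked pattern: loop until `want` bytes arrive; EOF or error first is -1. */
static int read_body_checked(struct src *s, unsigned char *buf, int want)
{
    int got = 0;
    while (got < want) {
        int n = src_read(s, buf + got, want - got);
        if (n <= 0)
            return -1;          /* truncated input is reported as an error */
        got += n;
    }
    return got;
}

/* Constructed sample: the caller expects 8 body bytes, only 5 are present. */
static const unsigned char truncated[] = { 'h', 'e', 'l', 'l', 'o' };

int main(void)
{
    unsigned char buf[8] = {0};
    struct src a = { truncated, sizeof truncated, 0, 3 }, b = a;
    printf("naive=%d checked=%d\n", read_body_naive(&a, buf, 8),
           read_body_checked(&b, buf, 8));
    return 0;
}
```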
