Hello -
We're coding against OpenSSL 0.9.7c and discovered the following bugs.
Both bugs occur in the file crypto/ocsp/ocsp_vfy.c, and are similar
in nature. They are found in loops found in the methods ocsp_check_ids
and ocsp_match_issuerid, and are as follows:
ocsp_check_ids:

    for (i = 1; i < idcount; i++) {
        tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
        ... code removed ...
    }

ocsp_match_issuerid:

    for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
        tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
        ... code removed ...
    }

You can see the first line in each of these loops accesses the ocsp
single response object not at index i, but at index 0 (making the loop
redundant). We believe that line should be changed to appear as follows:

    tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;

Please let me know if there is a more appropriate means of reporting
this bug, or if any further clarification is needed. Thanks.
Paul Siegel
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
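
Added example, not part of the original message and not OpenSSL code: a stand-alone C model of the loop pattern reported above, showing why reading index 0 on every iteration lets a later entry with a different issuer go unchecked. The struct cert_id type, the function names and the sample data are hypothetical, and the model assumes the loop is meant to compare each entry's issuer hashes with those of the first entry.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an OCSP CertID: only the issuer hashes matter here. */
struct cert_id { unsigned char name_hash[4], key_hash[4]; };

static int same_issuer(const struct cert_id *a, const struct cert_id *b)
{
    return memcmp(a->name_hash, b->name_hash, sizeof a->name_hash) == 0 &&
           memcmp(a->key_hash, b->key_hash, sizeof a->key_hash) == 0;
}

/* Pattern from the report: the loop advances i but always reads element 0. */
int all_same_issuer_buggy(const struct cert_id *ids, size_t n)
{
    if (n == 0) return 0;
    for (size_t i = 1; i < n; i++) {
        const struct cert_id *tmpid = &ids[0];       /* index 0, not i */
        if (!same_issuer(&ids[0], tmpid)) return 0;  /* can never fail */
    }
    return 1;
}

/* Proposed correction from the report: read element i. */
int all_same_issuer_fixed(const struct cert_id *ids, size_t n)
{
    if (n == 0) return 0;
    for (size_t i = 1; i < n; i++) {
        const struct cert_id *tmpid = &ids[i];
        if (!same_issuer(&ids[0], tmpid)) return 0;
    }
    return 1;
}

/* Constructed sample data: the third entry names a different issuer. */
static const struct cert_id SAMPLE_MIXED[3] = {
    { {0xAA, 0xAA, 0xAA, 0xAA}, {0x11, 0x11, 0x11, 0x11} },
    { {0xAA, 0xAA, 0xAA, 0xAA}, {0x11, 0x11, 0x11, 0x11} },
    { {0xBB, 0xBB, 0xBB, 0xBB}, {0x22, 0x22, 0x22, 0x22} },
};

int main(void)
{
    printf("buggy: %d\n", all_same_issuer_buggy(SAMPLE_MIXED, 3));
    printf("fixed: %d\n", all_same_issuer_fixed(SAMPLE_MIXED, 3));
    return 0;
}
```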