[EMAIL PROTECTED] - Wed Mar 3 18:38:37 2004]:
> Hello -
>
> We're coding against OpenSSL 0.9.7c and discovered the following bugs.
> Both bugs occur in the the file crypto/ocsp/ocsp_vfy.c, and are
> similar
> in nature. They are found in loops found in the methods
> ocsp_check_ids
> and ocsp_match_issuerid, and are as follows:
>
> ocsp_check_ids:
>
> for (i = 1; i < idcount; i++) {
> tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
> ... code removed ...
> }
>
> ocsp_match_issuerid:
>
> for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
> tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
> ... code removed ...
> }
>
> You can see the first line in each of these loops accesses the ocsp
> single response object not at index i, but at index 0 (making the loop
> redundant). We believe that line should be changed to appear as
> follows:
>
> tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
>
> Please let me know if there is a more appropriate means of reporting
> this bug, or if any further clarification is needed. Thanks.
>
Yes you are correct. Thanks for the report.
Its probably because few OCSP reponses contain more than one certificate
details and you'd only notice during an error condition that this wasn't
spotted before.
I'll check in a fix.
Steve.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
