Our code-scanning tool has found another bug in OpenSSL 1.0.1k. In TS_check_status_info (in crypto/ts/ts_rsp_verify.c), if an error occurs we create a string which is intended to be a comma-separated list of error strings. However, when adding the comma between error strings, strcpy is used rather than strcat. This means that if more than one error bit is set, the resulting string will be ",x" where x is the text associated with the LAST error; all other errors will be overwritten.
My guess is that having multiple failures is very rare, so very few people have run into this problem. I have attached a patch. Graeme Perrow
ts_check_status_info.patch
openssl-dev mailing list. To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
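To make the defect concrete, here is an added example (not OpenSSL's code and not the attached patch): a stand-alone C model of the failure-string loop with the strcpy and strcat variants side by side. The failure names and bit positions follow RFC 3161 PKIFailureInfo, and a plain unsigned mask stands in for OpenSSL's ASN1_BIT_STRING, both assumptions made so the example runs without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for failureInfo: names/bit positions follow RFC 3161
 * PKIFailureInfo; a plain unsigned mask replaces OpenSSL's ASN1_BIT_STRING. */
static const struct { int bit; const char *text; } ts_failure_info[] = {
    {  0, "badAlg" },              {  2, "badRequest" },
    {  5, "badDataFormat" },       { 14, "timeNotAvailable" },
    { 15, "unacceptedPolicy" },    { 16, "unacceptedExtension" },
    { 17, "addInfoNotAvailable" }, { 25, "systemFailure" },
};

/* Build the comma-separated failure list into out (at least 256 bytes).
 * buggy=1 reproduces the strcpy separator defect; buggy=0 is the strcat fix. */
const char *build_failure_text(unsigned mask, char *out, int buggy)
{
    size_t i;
    int first = 1;

    out[0] = '\0';
    for (i = 0; i < sizeof(ts_failure_info) / sizeof(ts_failure_info[0]); ++i) {
        if (!(mask & (1u << ts_failure_info[i].bit)))
            continue;
        if (!first) {
            if (buggy)
                strcpy(out, ",");   /* discards every name collected so far */
            else
                strcat(out, ",");   /* appends the separator as intended */
        } else {
            first = 0;
        }
        strcat(out, ts_failure_info[i].text);
    }
    if (out[0] == '\0')
        strcpy(out, "unspecified");
    return out;
}

int main(void)
{
    char buf[256];
    unsigned mask = (1u << 0) | (1u << 2) | (1u << 25); /* badAlg, badRequest, systemFailure */

    printf("buggy: %s\n", build_failure_text(mask, buf, 1));
    printf("fixed: %s\n", build_failure_text(mask, buf, 0));
    return 0;
}
```

With a single failure bit both variants agree, which is why the defect goes unnoticed until a response carries two or more failure bits.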
