Greetings,

The patches that Ademar sent out appear to use different whitespace than
the patches that Ben sent. The only significant code change I found for
OpenSSL 0.9.6a was in the crypto/asn1/asn1_lib.c file.

I am curious which set of patches should be considered 'official', and
whether I have missed any other changes along the way.

Would it make sense to put whatever set of patches to the older releases
might be considered 'official' into the master source directory along
with a .md5 and a .asc file?

        Thanks,
        -- Mark

For openssl-0.9.6a

--- crypto/asn1/asn1_lib.c.ben  Wed Jul 31 11:03:40 2002
+++ crypto/asn1/asn1_lib.c      Wed Jul 31 11:04:11 2002
@@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, 
                (int)(omax+ *pp));
 
 #endif
-#if 0
-       if ((p+ *plength) > (omax+ *pp))
+       if (*plength > (omax - (*pp - p)))
                {
                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
                /* Set this so that even if things are not long enough
                 * the values are set correctly */
                ret|=0x80;
                }
-#endif
        *pp=p;
        return(ret|inf);
 err:
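Review bot: The new bound `*plength > (omax - (*pp - p))` appears to have the pointer difference reversed. The removed test `(p+ *plength) > (omax+ *pp)` rearranges to `*plength > omax - (p - *pp)`, and since `p` looks like the advanced cursor (it is written back with `*pp=p` just below), `*pp - p` is zero or negative, so the new expression accepts a length up to `omax` plus the header bytes already consumed rather than `omax` minus them. A declared length could then still extend past the end of the input by up to twice the header length without ASN1_R_TOO_LONG being raised. I would write `if (*plength > (omax - (p - *pp)))`. The body of ASN1_get_object starts above the hunk, so the types of `p` and `omax` should be confirmed there.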
@@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char
                i= *p&0x7f;
                if (*(p++) & 0x80)
                        {
+                       if (i > sizeof(long))
+                               return 0;
                        if (max-- == 0) return(0);
                        while (i-- > 0)
                                {
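Review bot: The guard `if (i > sizeof(long))` still accepts `i == sizeof(long)`, so a full-width length can reach the top bit of the accumulated value, and the patch relies on the `if (ret < 0)` test added in the next hunk to catch that. If `ret` is a signed `long` (its declaration and the accumulation loop are outside the hunk), shifting into the sign bit is undefined behaviour in C, so the later test is not guaranteed to see a negative value. Accumulating in an `unsigned long` and rejecting results above `LONG_MAX` before the store to `*rl` would make the check well defined. If `i` is an `int`, the comparison with a `size_t` would also read more clearly as `i > (int)sizeof(long)`.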
@@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char
                else
                        ret=i;
                }
+       if (ret < 0)
+               return 0;
        *pp=p;
        *rl=ret;
        return(1);
