As I'm having some problems understanding the ASN.1 parsing code, I would like to ask here for feedback about the bug. DKIM-Filter (OpenDKIM) uses d2i_PUBKEY_bio() with a key (input) that is at most 1KB long.
According to the advisory: > Any application which uses BIO or FILE based functions to read untrusted DER > format data is vulnerable. Affected functions are of the form d2i_*_bio or > d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp. this function is affected. Is that independent of the input size? (the data usually comes from DNS but is restricted to 1KB) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
