El día Saturday, April 12, 2014 a las 09:30:22PM +0200, Matthias Apitz escribió:

> El día Saturday, April 12, 2014 a las 09:08:15PM +0200, Michael Tuexen 
> escribió:
> > > What is the exact bug, can someone show a svn/git diff of the first
> > > source version having the bug?
> > http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
> > > 
> Hi,
> Thanks for the git diff (and the other statements). Could you please be
> so kind and point to the exact place of the offending statement (or
> missing boundary check) in the 19 *.[ch] files? I only want (as a C
> programmer) to get my own impression of the nature of the issue. Thanks

ah, I see it in ssl/d1_both.c, the memcpy for the payload is done
regardless if payload length and payload fit; forget my request.


Sent from my FreeBSD netbook

Matthias Apitz, <g...@unixarea.de>, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to