commit e635c11d0cf336448fa3bfa1a17e172ca28c21c5
Author: Jakub Bogusz <[email protected]>
Date: Wed Jul 31 09:22:46 2002 +0000
- missing fixes for ASN.1
Changed files:
openssl-0.9.6c-security.patch -> 1.2
openssl-0.9.6c-security.patch | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
---
diff --git a/openssl-0.9.6c-security.patch b/openssl-0.9.6c-security.patch
index 2ded6e2..3244b0c 100644
--- a/openssl-0.9.6c-security.patch
+++ b/openssl-0.9.6c-security.patch
@@ -31,6 +31,41 @@
#endif
--- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
+@@ -124,15 +124,13 @@
+ (int)(omax+ *pp));
+
+ #endif
+-#if 0
+- if ((p+ *plength) > (omax+ *pp))
++ if (*plength > (omax - (*pp - p)))
+ {
+ ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+ /* Set this so that even if things are not long enough
+ * the values are set correctly */
+ ret|=0x80;
+ }
+-#endif
+ *pp=p;
+ return(ret|inf);
+ err:
+@@ -159,6 +157,8 @@
+ i= *p&0x7f;
+ if (*(p++) & 0x80)
+ {
++ if (i > sizeof(long))
++ return 0;
+ if (max-- == 0) return(0);
+ while (i-- > 0)
+ {
+@@ -170,6 +170,8 @@
+ else
+ ret=i;
+ }
++ if (ret < 0)
++ return 0;
+ *pp=p;
+ *rl=ret;
+ return(1);
@@ -407,7 +407,7 @@
void asn1_add_error(unsigned char *address, int offset)
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssl102.git/commitdiff/9fc1b1b87b259e8a327c99835865e91a391efc9e
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
