[openssl.org #356] Bug in CRLF translation in PKCS7_sign

2003-06-03 Thread Stephen Henson via RT 

[EMAIL PROTECTED] - Fri Nov 22 10:27:16 2002]:

 
 OS: Windows, but I think it is a cross-platform bug.
 Version: 0.9.6g
 
 In the following function which is called from
 PKCS7_sign, if the source text contains a line of text
 which is exactly a mutiple of MAX_SMLEN-2 characters
 long and has a CRLF line ending, then the gets call
 will return a buffer which ends with just a CR, and
 then on the next call a line that contains just an LF,
 which will result in two CRLF pairs being put into the
 output.
 
 A harmless bit of buggy coding is also present.  The
 value of len is not checked in the inner while loop. 
 Any line which only contains CR or LF characters will
 cause len to go to 0, and the memory location
 linebuf[-1] will be read.  Its extremely unlikely that
 the value at that location is a CR or LF, so usually
 the loop terminates anyway.  But, its not nice to go
 out of bounds, and I imagine memory protection faults
 could be triggered on some platforms.
 
 This only affects callers who do not pass PKCS7_BINARY
 in the flags parameter (our work-around was to
 normalize the line endings ourselves and then pass
 PKCS7_BINARY).
 

Should be fixed no in 0.9.7-stable and 0.9.8-dev. Please check the next
snapshot.

Steve.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #624] [BUG] SMIME decrypt fails when encrypted file size is 9383 bytes

2003-06-03 Thread Stephen Henson via RT 

I've tried this on the latest 0.9.7-stable version and it fails with a
base64 decoding error.

The cause is that the base64 BIO is rather broken as I discovered when I
attempted to run some exhaustive non-blocking I/O tests on it a while ago. 

Since the changes were quite extensive, it could break other things like
PEM if I got it wrong, it only seemed to affect non blocking I/O and no
one else appeared to have noticed I didn't commit the fixes to the
stable tree. 

However now that it does affect blocking I/O and someone has noticed :-)
I've got a good reason to fix the stable version too.

If you don't want to wait until the next snapshot you can just copy
bio_b64.c from the 0.9.8-dev version to 0.9.7b.

Steve.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]