Would the attached patch be agreeable to both of you? It contains a
fix (okay, it's a hack) to ensure OpenSSL doesn't loop infinitely on
crashing Heap32Next, so that should at least cover the (theoretical?)
issue of arbitrary/unknown fault origin from within Heap32Next.
Then there's the fun part
Kim's fix as diff for CA.sh for when anyone wants to incorporate this
in 0.9.9 CVS HEAD
On Tue, Feb 24, 2009 at 9:46 PM, Nguyen, Kim via RT r...@openssl.org wrote:
The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This
doesn't seem to be a problem in CA.pl
In comparision,
Dear all,
in the x509 manpage, the description of the -hash paramter is misleading
;-)
Patch is against 0.9.8-stable of March 10th.
Best regards,
Martin
--- x509.pod.orig 2009-03-10 22:42:58.0 +0100
+++ x509.pod2009-03-10 22:43:15.0 +0100
@@ -155,7 +155,7 @@
-create_serial does not exist in CA.sh, either.
-Kyle H
On Tue, Feb 24, 2009 at 1:46 PM, Nguyen, Kim via RT r...@openssl.org wrote:
The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This
doesn't seem to be a problem in CA.pl
In comparision, CA.pl has:
print Making CA
As originally posted to users@ by Victor Duchovni @ 2009/02/11
Attached is this as a patch file against todays 0.9.9 CVS HEAD; patch
includes assert() -- OPENSSL_assert() fixes as well.
On Wed, Feb 11, 2009 at 10:41 AM, Ger Hobbelt g...@hobbelt.com wrote:
Good find! This is indeed wrong
patch attached: return value was not checked, causing havoc later
along the line (under particular memory conditions).
diff produced inspected against latest 0.9.9 CVS HEAD.
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--
web:
Hello,
In case the openssl verify command is not able to process input file, it
reports the usage even if the usage is perfectly okay:
$ openssl verify -CAfile /local/Saved/SMI_SSL_CA-chain.pem cert.cer
Error loading file /local/Saved/SMI_SSL_CA-chain.pem
usage: verify [-verbose] [-CApath
The bad thing that happens when Purify doesn't recognize something like
this is that we fail to patch offsets to account for the code stretching
we do. If something used to be 100 bytes away, maybe after Purify
insertion it's 180, and we need to patch all offsets in relative
computations
The bugfix core in the attached diff are these bits:
@@ -351,6 +361,8 @@
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
+fmtfp(sbuffer, buffer, currlen, maxlen,
+ fvalue, min, max,
Hello,
In case the openssl verify command is not able to process input file, it
reports the usage even if the usage is perfectly okay:
$ openssl verify -CAfile /local/Saved/SMI_SSL_CA-chain.pem cert.cer
Error loading file /local/Saved/SMI_SSL_CA-chain.pem
usage: verify [-verbose] [-CApath
On Wed, Mar 11, 2009 at 1:49 PM, Vladimir Kotal vladimir.ko...@sun.com wrote:
Hello,
In case the openssl verify command is not able to process input file, it
reports the usage even if the usage is perfectly okay:
$ openssl verify -CAfile /local/Saved/SMI_SSL_CA-chain.pem cert.cer
Error
Hi Ger,
I've tried the patch on 0.9.8j. All seems fine in theory and in
practice. So I'm all for it.
Cheers,
Tanguy
Ger Hobbelt wrote:
Would the attached patch be agreeable to both of you? It contains a
fix (okay, it's a hack) to ensure OpenSSL doesn't loop infinitely on
crashing
The 'rt' is the 'request tracker' system. It essentially opens a
trouble ticket, which allows for any action on the patch to be
identified and tracked. (When it's updated by the core OS developers
when they take an action on a patch, anyway. :))
It also -- more importantly to you, in this case
Ger Hobbelt via RT wrote:
On Wed, Mar 11, 2009 at 1:49 PM, Vladimir Kotal vladimir.ko...@sun.com wrote:
Hello,
In case the openssl verify command is not able to process input file, it
reports the usage even if the usage is perfectly okay:
$ openssl verify -CAfile
Ger Hobbelt via RT wrote:
On Wed, Mar 11, 2009 at 1:49 PM, Vladimir Kotal vladimir.ko...@sun.com
wrote:
Hello,
In case the openssl verify command is not able to process input file, it
reports the usage even if the usage is perfectly okay:
$ openssl verify -CAfile
Andy wrote:
Would it handle [the sub from %o7 being in the delay slot of the call]?
Good idea, but no. This will fail regardless of whether the offset is the
same as the target of the call. The reason is that this is still using an
interprocedural trick to pass the called function its own
16 matches
Mail list logo
