Attached patch fixes out-of-bound reads or r[4].
Thanks
--- ssl/s3_srvr.c.old 2013-08-20 11:34:59.0 -0700
+++ ssl/s3_srvr.c 2013-08-20 11:34:59.0 -0700
@@ -1838,7 +1838,7 @@
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
-
Most other libraries I've seen handle this by saving the pid in a static
variable, and then comparing the current pid to it. This has the advantage
of not needing pthreads, and also of only adding the entropy to the child
if it is actually needed (i. e. it doesn't exec after fork).
We may
In a_utf8.c, lines 85 and 86 (1.0.1e) :
...
if((*p 0x80) == 0) { // as this byte looks like :
0xxx
value = *p++ 0x7f; // this line could as well be
written : value = *p++;
...
If I don't miss something, it would seems clearer to me.
On Thu, Aug 22, 2013 at 4:50 AM, Bodo Moeller bmoel...@acm.org wrote:
Most other libraries I've seen handle this by saving the pid in a static
variable, and then comparing the current pid to it. This has the advantage
of not needing pthreads, and also of only adding the entropy to the child
El jue 22 ago 2013 10:37:12 CLT, Bodo Moeller escribió:
(So we probably should use the current time in addition to the PID to
get a general solution to the PID wrap-around problem even on systems
where actual independent reseeding isn't possible.)
Or the processor time stamp counter (RDTSC in
(So we probably should use the current time in addition to the PID to
get a
general solution to the PID wrap-around problem even on systems where
actual independent reseeding isn't possible.)
The FIPS PRNG uses a combination of PID, a counter and a form of system
timer
for the DT vector
Why can I not reach ftp.openssl.org or www.openssl.org ?
--
Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
The