[[EMAIL PROTECTED] - Tue Dec 3 13:56:10 2002]:
Hello,
my colleague Jan Hofmann experimented with new ASN.1 code from
openssl-0.9.7-beta4. He achieved buggy behavior when parsing
incomplete (truncated) DER data under specific conditions.
Openssl does'not detect any error while parsing
[[EMAIL PROTECTED] - Sat May 4 20:44:23 2002]:
Experimenting with openssl smime -decrypt, I found that it did not
detect that a
message was truncated. Changing line 173 of crypto/asn1/a_d2i_fp.c
from
if (i = 0)
to
if (i want)
fixes the problem. I think this is the right code
Experimenting with openssl smime -decrypt, I found that it did not detect that a
message was truncated. Changing line 173 of crypto/asn1/a_d2i_fp.c from
if (i = 0)
to
if (i want)
fixes the problem. I think this is the right code for all cases, but somebody who
actually understands the