Questions re: OpenSSL Security Advisory CVE-2012-2110

2012-04-19 Thread Erik Tkal
The detailed analysis for CVE-2012-2110 implies issues with truncation, 
specifically int vs long vs size_t.  Is the problem limited to platforms where 
these are different sizes?  The analysis says not limited to I32LP64, but does 
not rule out any platforms where it is not an issue.  Can it occur on ILP32 or 
ILP32LL64 platforms?

Thanks!

Erik Tkal
Juniper OAC/UAC/Pulse Development

Re: Questions re: OpenSSL Security Advisory CVE-2012-2110

2012-04-19 Thread Dr. Stephen Henson
On Thu, Apr 19, 2012, Erik Tkal wrote:

> The detailed analysis for CVE-2012-2110 implies issues with truncation,
> specifically int vs long vs size_t.  Is the problem limited to platforms
> where these are different sizes?  The analysis says not limited to I32LP64,
> but does not rule out any platforms where it is not an issue.  Can it occur
> on ILP32 or ILP32LL64 platforms?

Yes: it isn't just limited to I32LP64.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org