Package: erlang
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In
lib/crypto/c_src/crypto_drv.c there is this code:
i = DSA_do_verify(hmacbuf, SHA_DIGEST_LENGTH,
                  dsa_sig, dsa);
*rbuf = (char *)(bin = driver_alloc_binary(1));
(bin->orig_bytes)[0] = (char)(i & 0xff);  /* -1 (error) is stored as 0xff here */
And I have no idea what happens with this afterwards. But
I currently assume that it's not properly checking the
return value.
Note that DSA_do_verify can return 0 and -1 on errors and
1 on success.
Kurt
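Added example, not code from Erlang's crypto_drv.c: it contrasts the truncating pattern quoted in the report with a check that accepts only the exact success value. The stand_in_dsa_do_verify() function is a constructed stand-in that mimics the DSA_do_verify() contract (1 valid, 0 invalid, -1 error) with no real cryptography, so the block runs without OpenSSL.

```c
/* Added example, not the crypto_drv.c driver code. The stand-in verify
 * function below is constructed for illustration only: it follows the
 * OpenSSL DSA_do_verify() return contract (1 = valid, 0 = invalid,
 * -1 = error) but performs no cryptography. */
#include <stdio.h>
#include <string.h>

/* Constructed stand-in: the string "good" verifies, any other string
 * fails, and a NULL signature is treated as a library error (-1). */
static int stand_in_dsa_do_verify(const char *sig)
{
    if (sig == NULL)
        return -1;                /* error path, as DSA_do_verify reports it */
    return strcmp(sig, "good") == 0 ? 1 : 0;
}

/* Pattern from the report: the int is masked to one byte and passed on
 * unchanged, so an error (-1) becomes 0xff, a non-zero value that a
 * caller testing "non-zero means verified" would accept. */
unsigned char truncated_result(const char *sig)
{
    int i = stand_in_dsa_do_verify(sig);
    return (unsigned char)(i & 0xff);
}

/* Hardened pattern: only the exact value 1 means the signature verified;
 * 0, -1 and any other value are all treated as failure. */
int verified(const char *sig)
{
    int i = stand_in_dsa_do_verify(sig);
    return i == 1;
}

int main(void)
{
    const char *inputs[] = { "good", "bad", NULL };
    for (int k = 0; k < 3; k++) {
        printf("sig=%s truncated=0x%02x verified=%d\n",
               inputs[k] ? inputs[k] : "(error)",
               truncated_result(inputs[k]), verified(inputs[k]));
    }
    return 0;
}
```

The error case is the one that matters: truncated_result(NULL) yields 0xff while verified(NULL) yields 0.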