Package: boinc
Severity: serious
Tags: security

Hi,

I've been checking packages to see if they properly check the return
value of some of the functions in openssl.  In lib/crypt.C there
is this code:
int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
    RSA* rp = RSA_new();
    public_to_openssl(key, rp);
    RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
    out.len = RSA_size(rp);
    return 0;
}

So it's not checking the return value of RSA_public_decrypt() which
returns the size of the recovered message digest on success
and -1 on failure.

I have no idea if this code is being used and what the consequences
of this might be.


Kurt
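To show what the missing check means in practice, the following is an added example (not BOINC's code and not OpenSSL) that mirrors the contract of RSA_public_decrypt() with a constructed 64-bit toy RSA: a caller written like the one quoted above reports success and out.len = RSA_size() even when the primitive returned -1, while the checked variant propagates the failure. ToyKey, DataBlock, the toy_* routines, decrypt_public_unchecked/checked and verify_len are all names assumed by this example.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for OpenSSL's RSA_public_decrypt(): 64-bit textbook RSA over a PKCS#1 v1.5 type-1 block (00 01 FF..FF 00 msg). */
typedef struct { uint64_t n, e, d; } ToyKey;
typedef struct { unsigned char data[8]; int len; } DataBlock;          /* stands in for DATA_BLOCK */
static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m) {
    unsigned __int128 r = 1, a = b % m;
    for (; x; x >>= 1, a = a * a % m) if (x & 1) r = r * a % m;
    return (uint64_t)r;
}
static uint64_t modinv(uint64_t a, uint64_t m) {                        /* a^-1 mod m, extended Euclid */
    __int128 t = 0, nt = 1, r = m, nr = a, q, x;
    while (nr) { q = r / nr; x = t - q * nt; t = nt; nt = x; x = r - q * nr; r = nr; nr = x; }
    return (uint64_t)(t < 0 ? t + m : t);
}
static ToyKey toy_key(void) {                        /* p = 2^32-5, q = 2^32-17, both prime */
    uint64_t p = 4294967291ULL, q = 4294967279ULL;
    return (ToyKey){ p * q, 65537, modinv(65537, (p - 1) * (q - 1)) };
}
static uint64_t load(const unsigned char *b) { uint64_t v = 0; for (int i = 0; i < 8; i++) v = v << 8 | b[i]; return v; }
static void store(uint64_t v, unsigned char *b) { for (int i = 7; i >= 0; i--) { b[i] = v & 0xFF; v >>= 8; } }
/* Signer side (like RSA_private_encrypt): pad, then apply the private exponent. len <= 4. */
static void toy_private_encrypt(const ToyKey *k, const unsigned char *msg, int len, unsigned char *out) {
    unsigned char blk[8] = { 0x00, 0x01 };
    memset(blk + 2, 0xFF, 5 - len); blk[7 - len] = 0x00; memcpy(blk + 8 - len, msg, len);
    store(modpow(load(blk), k->d, k->n), out);
}
/* Verifier side: recovered length on success, -1 on bad padding, as RSA_public_decrypt() does. */
static int toy_public_decrypt(const ToyKey *k, const unsigned char *in, unsigned char *out) {
    unsigned char blk[8]; int i = 2; store(modpow(load(in), k->e, k->n), blk);
    if (blk[0] != 0x00 || blk[1] != 0x01 || blk[2] != 0xFF) return -1;
    while (i < 8 && blk[i] == 0xFF) i++;
    if (i >= 8 || blk[i] != 0x00) return -1;
    memcpy(out, blk + i + 1, 7 - i); return 7 - i;
}
/* As reported in lib/crypt.C: return value ignored, out.len set to the key size regardless. */
static int decrypt_public_unchecked(const ToyKey *k, DataBlock *in, DataBlock *out) {
    toy_public_decrypt(k, in->data, out->data); out->len = 8; return 0;   /* out.len = RSA_size(rp) */
}
/* Fixed: a -1 from the primitive is a failure, and out.len is the length actually recovered. */
static int decrypt_public_checked(const ToyKey *k, DataBlock *in, DataBlock *out) {
    int n = toy_public_decrypt(k, in->data, out->data);
    out->len = n < 0 ? 0 : n; return n < 0 ? -1 : 0;
}
/* Driver: forged = all-zero input instead of a genuine signature of "abc"; returns the out.len the caller would trust, or -1 on reported failure. */
static int verify_len(int forged, int checked) {
    ToyKey k = toy_key(); DataBlock in = { { 0 }, 8 }, out = { { 0 }, 0 };
    if (!forged) toy_private_encrypt(&k, (const unsigned char *)"abc", 3, in.data);
    int rc = checked ? decrypt_public_checked(&k, &in, &out) : decrypt_public_unchecked(&k, &in, &out);
    return rc ? -1 : out.len;
}
```

The unchecked caller hands back 8 bytes of "recovered" data for the forged block and even for the genuine one, so the caller cannot tell a valid result from a failed operation.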
