Bharath, are you from Chennai?
-----Original Message-----
From: T Bharath [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 23, 2001 1:34 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: bug in EVP_MD_CTX_copy()
I am trying to use OpenSSL in my app and BoundsChecker was giving the
following error:
stack memory overrun
Copying 96 bytes to ctx.digest
Starting offset 0,destination size:4 bytes
The callstack details are
EVP_MD_CTX_copy() \crypto\evp\digest.c line no 90
ssl3_handshake_mac() \ssl\s3_enc.c 434
ssl3_final_finish_mac() \ssl\s3_enc.c 419
ssl3_send_finished() \ssl\s3_both.c 155
ssl3_connect() \ssl\s3_clnt.c 329
SSL_connect() \ssl\ssl_lib.c 727
ssl23_get_server_hello() \ssl\s23_clnt.c 469
ssl23_connect() \ssl\ssl_clnt.c 179
SSL_connect() \ssl\ssl_lib.c 727
Taking a closer look, I found that in
ssl3_handshake_mac() we have instantiated EVP_MD_CTX ctx;
and then call EVP_MD_CTX_copy(&ctx,in_ctx), inside which we do a memcpy.
Now ctx has a pointer member const EVP_MD *digest;
When we instantiate ctx, digest, being a member pointer, does not get
allocated any memory, and when we do the memcpy inside EVP_MD_CTX_copy
we are copying data into a dangling pointer. Shouldn't we allocate memory
to ctx.digest before calling EVP_MD_CTX_copy?
I am using openssl-0.9.5a, but I checked the latest openssl-0.9.6
engine. This bug is still there.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
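
An added example, not part of the original message and not OpenSSL's code: a C model of the copy the report describes, a stack context struct whose first member is a pointer being filled by memcpy. The names demo_md, demo_md_ctx, demo_ctx_copy and the 92-byte state size are hypothetical stand-ins; canary bytes on either side of the destination show where the copied bytes land.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not OpenSSL's definitions. */
typedef struct { const char *name; size_t ctx_size; } demo_md;

typedef struct {
    const demo_md *digest;    /* first member: &ctx and &ctx.digest are the same address */
    unsigned char state[92];  /* constructed size: 4 + 92 = 96 bytes with 4-byte pointers */
} demo_md_ctx;

static const demo_md demo_alg = { "demo", sizeof(demo_md_ctx) };

/* Copy a context object byte for byte, bounded by the destination object. */
int demo_ctx_copy(demo_md_ctx *out, const demo_md_ctx *in)
{
    if (out == NULL || in == NULL || in->digest == NULL)
        return 0;                              /* source was never initialised */
    if (in->digest->ctx_size > sizeof *out)
        return 0;                              /* would run past the destination */
    memcpy(out, in, in->digest->ctx_size);     /* writes into *out, not through out->digest */
    return 1;
}

/* Returns 1 if a copy into a stack context stays inside that context. */
int demo_stack_copy_is_contained(void)
{
    struct { unsigned char pre[8]; demo_md_ctx ctx; unsigned char post[8]; } frame;
    demo_md_ctx src;
    size_t i;

    memset(&frame, 0xA5, sizeof frame);        /* ctx.digest now holds a junk pointer value */
    memset(&src, 0, sizeof src);
    src.digest = &demo_alg;
    for (i = 0; i < sizeof src.state; i++)
        src.state[i] = (unsigned char)i;

    if (!demo_ctx_copy(&frame.ctx, &src))
        return 0;
    for (i = 0; i < 8; i++)                    /* canaries on both sides untouched */
        if (frame.pre[i] != 0xA5 || frame.post[i] != 0xA5)
            return 0;
    return frame.ctx.digest == &demo_alg &&    /* pointer value copied, target untouched */
           memcmp(frame.ctx.state, src.state, sizeof src.state) == 0 &&
           offsetof(demo_md_ctx, digest) == 0;
}
```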