yes
----- Original Message -----
From: "Rakesh.R" <[EMAIL PROTECTED]>
Date: Monday, April 23, 2001 4:27 am
Subject: RE: bug in EVP_MD_CTX_copy()
> Bharath are u from Chennai?
>
> -----Original Message-----
> From: T Bharath [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 23, 2001 1:34 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: bug in EVP_MD_CTX_copy()
>
> Iam trying to use openssl in my app and boundschecker was giving the
> following error
> stack memory overrun
> Copying 96 bytes to ctx.digest
> Starting offset 0,destination size:4 bytes
> The callstack details are
>
> EVP_MD_CTX_copy() \crypto\evp\digest.c line no 90
> ssl3_handshake_mac() \ssl\s3_enc.c 434
> ssl3_final_finish_mac() \ssl\s3_enc.c 419
> ssl3_send_finished() \ssl\s3_both.c 155
> ssl3_connect() \ssl\s3_clnt.c 329
> SSL_connect() \ssl\ssl_lib.c 727
> ssl23_get_server_hello() \ssl\s23_clnt.c 469
> ssl23_connect() \ssl\ssl_clnt.c 179
> SSL_connect() \ssl\ssl_lib.c 727
>
> Taking a closer look i found that in
> ssl3_handshake_mac() we have instantiated EVP_MD_CTX ctx;
> and then call EVP_MD_CTX_copy(&ctx,in_ctx) inside which we do a memcpy
> Now ctx has a pointer member const EVP_MD *digest;
> When we instantiate ctx ,digest being a member pointer does not get
> allocated any memory and when we do the memcpy inside EVP_MD_CTX_copy
> we are copying data into a dangling pointer.Shouldnt we allocate
> memoryto ctx.digest before calling EVP_MD_CTX_copy.
> Iam using openssl-0.9.5a but i checked the latest openssl-0.9.6
> engine.This bug is still there
>
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
