ASN1_d2i_bio calls BIO_read without checking that the amount received
is equal to the amount requested. (This causes a problem because
BIO_read will never return more than a record's worth of data when
reading from an SSL BIO.) The following patch seems to fix the problem.
/Sam Meder
--- ../../../openssl-0.9.6b/crypto/asn1/a_d2i_fp.c Fri Apr 23 17:08:07 1999
+++ a_d2i_fp.c Fri Sep 21 06:10:56 2001
@@ -169,13 +169,17 @@
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- i=BIO_read(in,&(b->data[len]),want);
- if (i <= 0)
- {
-
ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
- goto err;
- }
- len+=i;
+ while(want)
+ {
+ i=BIO_read(in,&(b->data[len]),want);
+ if (i <= 0)
+ {
+
+ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
+ len+=i;
+ want-=i;
+ }
}
off+=(int)c.slen;
if (eos <= 0)
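Review bot: The new loop still treats every `i <= 0` from BIO_read as ASN1_R_NOT_ENOUGH_DATA, so a transient retry condition (from a non-blocking SSL BIO, for instance) fails the decode partway through an object and is indistinguishable from end of data. If only blocking BIOs are supported here, say so in a comment above the loop, e.g. `/* short reads are expected (an SSL BIO returns at most one record); i <= 0 is treated as fatal, so the BIO must be blocking */`. The termination test `while(want)` also depends on BIO_read never returning more than requested. The declaration of `want` is outside the hunk, but if it is signed, `while (want > 0)` would stop the loop rather than continue with a negative count and `len` advanced past the space that was grown for it. The enclosing block starts and ends outside the hunk.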