[[EMAIL PROTECTED] - Sat May 4 20:44:23 2002]:
> Experimenting with "openssl smime -decrypt", I found that it did not
> detect that a message was truncated. Changing line 173 of
> crypto/asn1/a_d2i_fp.c from
>     if (i <= 0)
> to
>     if (i < want)
> fixes the problem. I think this is the right code for all cases, but
> somebody who actually understands the whole ASN parsing framework
> should probably check it out.

It's a bit more complex than that. The reason for the <=0 test is because the actual value for 'want' is not always accurate.

In particular when a header is being read 'want' is set to HEADER_SIZE which is 8. This is only an upper bound for a sensible header size. A valid header may only be two octets in length: 0x30, 0x0 for example is a zero length SEQUENCE.

So what is actually needed is two different techniques, one to read in the header and the other the content octets (assuming their size is accurately known).

Steve.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
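The two-phase check described in the reply above, as an added sketch that is not OpenSSL's code and not part of the original message: the header is parsed with a variable minimum size, and only the content is compared against an exact expected length. The names `der_header`, `der_check` and `enum der_status` are hypothetical, and the sketch assumes an in-memory buffer, single-octet tags and definite lengths.

```c
#include <stddef.h>

enum der_status { DER_OK = 0, DER_TRUNC_HEADER, DER_TRUNC_CONTENT, DER_UNSUPPORTED };

/* Phase 1: read the header. Its size is not known up front: it is at least
 * 2 octets and grows only as far as the length octets require. */
static enum der_status der_header(const unsigned char *p, size_t avail,
                                  size_t *hdr_len, size_t *content_len)
{
    if (avail < 2)
        return DER_TRUNC_HEADER;
    if ((p[0] & 0x1f) == 0x1f)          /* high-tag-number form: not handled here */
        return DER_UNSUPPORTED;
    if (!(p[1] & 0x80)) {               /* short form: length fits in one octet */
        *hdr_len = 2;
        *content_len = p[1];
        return DER_OK;
    }
    size_t n = p[1] & 0x7f;             /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t))   /* indefinite length, or too large to hold */
        return DER_UNSUPPORTED;
    if (avail < 2 + n)
        return DER_TRUNC_HEADER;
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len = (len << 8) | p[2 + i];
    *hdr_len = 2 + n;
    *content_len = len;
    return DER_OK;
}

/* Phase 2: the content size is now exact, so anything short is truncation. */
enum der_status der_check(const unsigned char *buf, size_t avail)
{
    size_t hdr = 0, content = 0;
    enum der_status st = der_header(buf, avail, &hdr, &content);
    if (st != DER_OK)
        return st;
    if (avail - hdr < content)
        return DER_TRUNC_CONTENT;
    return DER_OK;
}

int main(void)
{
    static const unsigned char empty_seq[] = { 0x30, 0x00 };        /* constructed sample */
    static const unsigned char cut[] = { 0x30, 0x03, 0x02, 0x01 };  /* constructed sample */
    return !(der_check(empty_seq, 2) == DER_OK && der_check(cut, 4) == DER_TRUNC_CONTENT);
}
```

A two-octet zero-length SEQUENCE passes because the header phase never demands a fixed 8 octets, while a message cut inside its content is reported because the content phase compares against the decoded length.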
