We have a question on the patched code:

http://www.openssl.org/news/patch_20020730_0_9_6d.txt

RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.19.2.1
diff -u -r1.19.2.1 asn1_lib.c
--- crypto/asn1/asn1_lib.c      2001/03/30 13:42:32     1.19.2.1
+++ crypto/asn1/asn1_lib.c      2002/07/30 09:14:17
@@ -124,15 +124,13 @@
                (int)(omax+ *pp));
 
 #endif
-#if 0
-       if ((p+ *plength) > (omax+ *pp))
+       if (*plength > (omax - (*pp - p)))
                {
                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
                /* Set this so that even if things are not long enough
                 * the values are set correctly */
                ret|=0x80;
                }
-#endif
        *pp=p;
        return(ret|inf);
 err:
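Review bot: In the re-enabled test, `(*pp - p)` has its operands in the opposite order from the disabled check it replaces. The removed line `(p+ *plength) > (omax+ *pp)` rearranges to `*plength > omax - (p - *pp)`, and the `*pp=p;` just below shows that p is the read pointer that has advanced beyond *pp, so `*pp - p` is negative at this point and the limit becomes omax plus the bytes already consumed rather than omax minus them. Suggest `if (*plength > (omax - (p - *pp)))`, with a one-line comment saying the right-hand side is the number of bytes left after the header. Keeping the comparison in subtraction form is fine, since it avoids forming `p + *plength`.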
@@ -159,6 +157,8 @@
 
On the line:
if (*plength > (omax - (*pp - p)))
The value length is checked for possibly being longer than the total remaining
input. Since p is advancing, should we use the following instead:
if (*plength > (omax - (p - (*pp))))

Please advise.
Thanks,

Jia Ma
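
The difference between the two comparisons in the question above, as an added example that is not part of the original mail or of OpenSSL's code. `read_header`, `flags_too_long` and the sample buffers are constructed for illustration, with `start` standing in for `*pp`.

```c
#include <stdio.h>
/* Hypothetical simplified header reader (not OpenSSL's ASN1_get_object):
 * one tag byte, then a short- or long-form definite length. start plays the
 * role of *pp, omax is the bytes available from start, p is the cursor. */
static int read_header(const unsigned char *start, long omax,
                       const unsigned char **body, long *len)
{
    const unsigned char *p = start;
    long n = 0;
    if (omax < 2) return -1;
    p++;                                  /* skip the tag byte */
    if (*p & 0x80) {                      /* long form: low 7 bits = count */
        int i = *p++ & 0x7f;
        if (i == 0 || i >= (int)sizeof(long) || i > omax - 2) return -1;
        while (i-- > 0) n = (n << 8) | *p++;
    } else {
        n = *p++;                         /* short form: length in one byte */
    }
    *body = p;
    *len = n;
    return 0;
}

/* Returns 1 if the declared length is reported as too long, 0 if accepted,
 * -1 on a malformed header. proposed=0 uses the comparison as in the patch,
 * proposed=1 the comparison suggested in the mail. */
static int flags_too_long(const unsigned char *start, long omax, int proposed)
{
    const unsigned char *p;
    long len;
    if (read_header(start, omax, &p, &len) != 0) return -1;
    if (proposed)
        return len > (omax - (p - start));   /* limit = bytes after header */
    return len > (omax - (start - p));       /* limit = omax + header size */
}

/* Constructed samples: OCTET STRING headers declaring 6 and 4 content bytes,
 * each followed by 4 bytes of content. */
static const unsigned char truncated[] = { 0x04, 0x06, 'A', 'B', 'C', 'D' };
static const unsigned char complete[]  = { 0x04, 0x04, 'A', 'B', 'C', 'D' };

int main(void)
{
    printf("truncated, patch form:    %d\n", flags_too_long(truncated, 6, 0));
    printf("truncated, proposed form: %d\n", flags_too_long(truncated, 6, 1));
    printf("complete,  proposed form: %d\n", flags_too_long(complete, 6, 1));
    return 0;
}
```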



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
