In crypto/engine/eng_table.c the size of the accessed stack is not checked, so attempts are regularly made to access non-existent stack elements. Surprisingly often this does not crash (and all seems to function perfectly), but sometimes it does, as expected. My problems in connection with stunnel can be put down to this bug, and I think the problems observed by Robert Urban and Farkas Zsolt can too.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
--- openssl-0.9.7d/crypto/engine/eng_table.c.ori        2001-11-09 14:15:05.000000000 
+0100
+++ openssl-0.9.7d/crypto/engine/eng_table.c    2004-04-08 15:46:21.447594000 +0200
@@ -286,6 +286,11 @@
                goto end;
                }
 trynext:
+       if (loop >= sk_num(fnd->sk))
+               {
+               ret = NULL;
+               goto end;
+               }
        ret = sk_ENGINE_value(fnd->sk, loop++);
        if(!ret)
                {
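
Review bot: the new bound check under `trynext:` calls the untyped `sk_num(fnd->sk)`, while the next line reads the same stack through the typed wrapper `sk_ENGINE_value(fnd->sk, loop++)`. Use `sk_ENGINE_num(fnd->sk)` so that both the size query and the element access go through the same type-checked interface. A short comment above the check, stating that `loop` can run past the last element of `fnd->sk`, would also record why the guard is needed, since the existing `if(!ret)` test just below it reads as if the lookup were expected to return NULL at the end of the stack.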
