Re: [CVS] OpenSSL: openssl/ CHANGES openssl/apps/ progs.h s_apps.h s_socke...

Thu, 31 Mar 2005 02:08:40 -0800 

Scholars might like to note two bugs turned up by this change:

Index: openssl/crypto/asn1/a_set.c
============================================================================
$ cvs diff -u -r1.13 -r1.14 a_set.c
--- openssl/crypto/asn1/a_set.c 5 Dec 2004 01:03:06 -0000 1.13
+++ openssl/crypto/asn1/a_set.c 31 Mar 2005 09:26:25 -0000 1.14
@@ -210,7 +211,9 @@
char *s;
if (M_ASN1_D2I_end_sequence()) break;
- if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+ /* XXX: This was called with 4 arguments, incorrectly, it seems
+ if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
+ if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
asn1_add_error(*pp,(int)(c.q- *pp));
@@ .
patch -p0 <<'@@ .'
Index: openssl/crypto/ocsp/ocsp.h
============================================================================
$ cvs diff -u -r1.30 -r1.31 ocsp.h
--- openssl/crypto/ocsp/ocsp.h 17 Dec 2001 19:22:06 -0000 1.30
+++ openssl/crypto/ocsp/ocsp.h 31 Mar 2005 09:26:31 -0000 1.31
@@ -349,13 +349,9 @@
#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
- OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
- (unsigned char **)(p))
-
-#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
- OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
- (unsigned char **)(p))
+#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
(char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) 

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to