[openssl.org #1845] [bug report] the new X509_NAME_hash function and SHA_DIGEST_LENGTH

Alexey Bezuglyi via RT Mon, 16 Feb 2009 11:01:07 -0800

version: openssl-0.9.9 (openssl-SNAP-20090209)  
operating system: MS Windows XP  
compiler: cl.exe (Microsoft Visual C++ 2008 Express Edition SP1)  
file: crypto/x509/x509_cmp.c  
  
Hi, in my application, next function causes a buffer overrun  
  
unsigned long X509_NAME_hash(X509_NAME *x)  
    {  
    unsigned long ret=0;  
    unsigned char md[16];//but SHA_DIGEST_LENGTH = 20  
  
    /* Make sure X509_NAME structure contains valid cached encoding */  
    i2d_X509_NAME(x,NULL);  
    EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);  
  
    ret=(    ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|  
        ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)  
        )&0xffffffffL;  
    return(ret);  
    }  
  
  
thanks,  
  
Alexey Bezuglyi


SoftWare Developer
www.mylinux.ua

version: openssl-0.9.9 (openssl-SNAP-20090209)
operating system: MS Windows XP
compiler: cl.exe (Microsoft Visual C++ 2008 Express Edition SP1)
file: crypto/x509/x509_cmp.c

Hi, in my application, next function causes a buffer overrun

unsigned long X509_NAME_hash(X509_NAME *x)
    {
    unsigned long ret=0;
    unsigned char md[16];//but SHA_DIGEST_LENGTH = 20

    /* Make sure X509_NAME structure contains valid cached encoding */
    i2d_X509_NAME(x,NULL);
    EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);

    ret=(    ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
        ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
        )&0xffffffffL;
    return(ret);
    }

thanks,

Alexey Bezuglyi

SoftWare Developer

www.mylinux.ua

[openssl.org #1845] [bug report] the new X509_NAME_hash function and SHA_DIGEST_LENGTH

Reply via email to