Hello,
I think I have found a potential error in the OpenSSL source code.
OpenSSL : 1.0.0, 0.9.8*,... (all versions at least after Jun 11
2003)
OS : All
File : crypto/bio/bf_buff.c (mod. time: Jun 11 2003 ...)
Function : buffer_ctrl (in block "case BIO_CTRL_FLUSH")
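This code works correctly only when ctx->obuf_off == 0; otherwise an error occurs. The corrections marked below treat ctx->obuf_len as the number of bytes still pending from ctx->obuf_off, so with a non-zero offset the current length (ctx->obuf_len-ctx->obuf_off) is too small, and buffered output can be written only partially or discarded without being written.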
See...
case BIO_CTRL_FLUSH:
if (b->next_bio == NULL) return(0);
if (ctx->obuf_len <= 0)
{
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
}
for (;;)
{
BIO_clear_retry_flags(b);
/*** error! */ if (ctx->obuf_len > ctx->obuf_off)
/*** valid: */ // if (ctx->obuf_len > 0)
{
r=BIO_write(b->next_bio,
&(ctx->obuf[ctx->obuf_off]),
/*** error! */ ctx->obuf_len-ctx->obuf_off);
/*** valid: */ // ctx->obuf_len);
#if 0
/*** error! */
fprintf(stderr,"FLUSH [%3d] %3d ->
%3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
/*** valid: */
//fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
#endif
BIO_copy_next_retry(b);
if (r <= 0) return((long)r);
/*** must be added: */ // ctx->obuf_len-=r;
ctx->obuf_off+=r;
}
else
{
ctx->obuf_len=0;
ctx->obuf_off=0;
ret=1;
break;
}
}
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
Strukov Petr