On 12 May 2014 11:36, Ajit Menon via RT <r...@openssl.org> wrote:
> I think this is the right change. However, I see that there is another "len-tot" in the following conditional block
>
> #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
>
> This is within the same function. I wonder whether that line is also prone to the same issue and needs the same check to be added to make sure that len is not less than tot.

Yes - you are right. But as I noted in my previous comment I modified Tim's original patch with an additional commit to move the test earlier for master and 1.0.2:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=971a7c5ff751d95bf33117e95a6acf2cfc951537

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
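
The point made in this exchange, that one length test placed before both code paths covers every later `len - tot`, shown as an added C example that is not OpenSSL's code and not part of the original messages. The names `struct writer`, `write_bytes`, `send_chunk` and `remaining_unchecked`, and the use of `size_t`, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model (not OpenSSL code): a write call that resumes after
 * 'wnum' bytes of the caller's buffer were sent by an interrupted call. */
struct writer {
    size_t wnum;        /* bytes already written on the previous attempt */
    int use_multiblock; /* stands in for the #if multiblock path */
    size_t last_chunk;  /* size handed to the record layer, for inspection */
};

/* What an unguarded "len - tot" yields: unsigned wraparound when len < tot. */
size_t remaining_unchecked(size_t len, size_t tot) { return len - tot; }

/* Stand-in for the record layer: accepts everything it is given. */
static size_t send_chunk(struct writer *w, size_t n)
{
    w->last_chunk = n;
    return n;
}

/* Returns total bytes written, or -1 if the retry length is inconsistent. */
long write_bytes(struct writer *w, size_t len)
{
    size_t tot = w->wnum;
    size_t n;

    w->wnum = 0;
    /* One early test, before any branch, so both subtractions are covered. */
    if (len < tot)
        return -1;

    if (w->use_multiblock) {
        n = len - tot;              /* first "len - tot" */
        return (long)(tot + send_chunk(w, n));
    }
    n = len - tot;                  /* second "len - tot" */
    return (long)(tot + send_chunk(w, n));
}

int main(void)
{
    struct writer w = { 8, 1, 0 };  /* constructed state: 8 bytes already sent */
    printf("unchecked remainder: %zu\n", remaining_unchecked(4, 8));
    printf("guarded retry with len=4: %ld\n", write_bytes(&w, 4));
    return 0;
}
```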