[openssl.org #209] VU#748355 Feedback

2002-08-09 Thread Jia Ma via RT 



We have a question on the patched code:

http://www.openssl.org/news/patch_20020730_0_9_6d.txt

RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.19.2.1
diff -u -r1.19.2.1 asn1_lib.c
--- crypto/asn1/asn1_lib.c  2001/03/30 13:42:32 1.19.2.1
+++ crypto/asn1/asn1_lib.c  2002/07/30 09:14:17
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
 
 #endif
-#if 0
-   if ((p+ *plength)  (omax+ *pp))
+   if (*plength  (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
 * the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
 err:
@@ -159,6 +157,8 @@
 
On the line:
if (*plength  (omax - (*pp - p)))
The value length is check for possibly longer than the total remaining
input. Since p is advancing, should we use the following instead :
if (*plength  (omax - (p - (*pp

Please advise.
Thanks,

Jia Ma



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #209] VU#748355 Feedback

2002-08-09 Thread Richard Levitte via RT 


The problem has been fixed.  Please grab version 0.9.6g.  This 
ticket is now resolved.

[[EMAIL PROTECTED] - Sat Aug 10 00:44:57 2002]:

 
 We have a question on the patched code:
 
 http://www.openssl.org/news/patch_20020730_0_9_6d.txt
 
 RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
 retrieving revision 1.19.2.1
 diff -u -r1.19.2.1 asn1_lib.c
 --- crypto/asn1/asn1_lib.c2001/03/30 13:42:32 1.19.2.1
 +++ crypto/asn1/asn1_lib.c2002/07/30 09:14:17
 @@ -124,15 +124,13 @@
   (int)(omax+ *pp));
  
  #endif
 -#if 0
 - if ((p+ *plength)  (omax+ *pp))
 + if (*plength  (omax - (*pp - p)))
   {
   ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
   /* Set this so that even if things are not long 
enough
* the values are set correctly */
   ret|=0x80;
   }
 -#endif
   *pp=p;
   return(ret|inf);
  err:
 @@ -159,6 +157,8 @@
  
 On the line:
 if (*plength  (omax - (*pp - p)))
 The value length is check for possibly longer than the total 
remaining
 input. Since p is advancing, should we use the following instead :
 if (*plength  (omax - (p - (*pp
 
 Please advise.
 Thanks,
 
 Jia Ma
 
 
 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]