[openssl.org #209] VU#748355 Feedback
We have a question on the patched code: http://www.openssl.org/news/patch_20020730_0_9_6d.txt RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.19.2.1 diff -u -r1.19.2.1 asn1_lib.c --- crypto/asn1/asn1_lib.c 2001/03/30 13:42:32 1.19.2.1 +++ crypto/asn1/asn1_lib.c 2002/07/30 09:14:17 @@ -124,15 +124,13 @@ (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) (omax+ *pp)) + if (*plength (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@ On the line: if (*plength (omax - (*pp - p))) The value length is check for possibly longer than the total remaining input. Since p is advancing, should we use the following instead : if (*plength (omax - (p - (*pp Please advise. Thanks, Jia Ma __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #209] VU#748355 Feedback
The problem has been fixed. Please grab version 0.9.6g. This ticket is now resolved. [[EMAIL PROTECTED] - Sat Aug 10 00:44:57 2002]: We have a question on the patched code: http://www.openssl.org/news/patch_20020730_0_9_6d.txt RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.19.2.1 diff -u -r1.19.2.1 asn1_lib.c --- crypto/asn1/asn1_lib.c2001/03/30 13:42:32 1.19.2.1 +++ crypto/asn1/asn1_lib.c2002/07/30 09:14:17 @@ -124,15 +124,13 @@ (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) (omax+ *pp)) + if (*plength (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@ On the line: if (*plength (omax - (*pp - p))) The value length is check for possibly longer than the total remaining input. Since p is advancing, should we use the following instead : if (*plength (omax - (p - (*pp Please advise. Thanks, Jia Ma -- Richard Levitte [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]