How do I apply the following fix to openssl version 0.9.6d?
Invalid ASN1 DSA parameter sequences cause d2i_DSAparams() to free a data
pointer twice, leading to the usual boring chaos. Fix is appended below.
This same bug appears in the following functions (same fix): d2i_DHparams()
d2i_RSAPrivat
OpenSSL STATUS Last modified at
__ $Date: 2002/08/14 11:07:29 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
o OpenSSL 0.9.7-beta3: Released on July 30th, 2002
o OpenSSL 0.9.7-beta2: Released on Jun
Tushar wrote:
> Hi,
>
> I have a question regarding the buffer overflow checks
> in 0.9.6g.
>
> Why do we always check for
> SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER?
> ^^^
> Shouldn't it be for
> SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
> ^^^
>
> Line# 4
