'0.9.6m fixes [was Re: Security fix oddity]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-dev
Subject:    0.9.6m fixes [was Re: Security fix oddity]
From:       Leonard den Ottolander <leonard () den ! ottolander ! nl>
Date:       2004-09-28 1:08:14
Message-ID: 1096333694.4750.393.camel () athlon ! localdomain
[Download RAW message or body]

Hi,

On Mon, 2004-09-27 at 22:28, Leonard den Ottolander wrote:
> Well, I did a grep for OpenSSLDie in the 0.9.6m tree but no result other
> than in cryptlib.c. So your answer might be true for the 0.9.7 branch,
> but not for openssl-engine-0.9.6m.

It appears the definition of OpenSSLDie in cryptlib.c in the
openssl-engine-0.9.6.m is redundant. die() is no longer used in this
version. It is substituted with if blocks instead. These are replaced
with OPENSSL_asserts in 0.9.7.

I also noted a one hunk miss in 0.9.6m. In RHL 7.3's
openssl-0.9.6b-sec.patch there is this one hunk:

--- ./ssl/ssl_asn1.c.chats	Thu Apr  5 21:28:48 2001
+++ ./ssl/ssl_asn1.c	Thu Jul 25 16:41:00 2002
@@ -275,6 +276,7 @@ NOT COMMITTED
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);

In 0.9.6m die() is usually substituted with a
+	if (os.length > sizeof ret->session_id)
+		{
+		SSLerr(,);
+		return -1;
+		}
block.

In 0.9.6m this check is missing and should be added:

	ret->session_id_length=os.length;
	memcpy(ret->session_id,os.data,os.length);

It is there in 0.9.7d:

	ret->session_id_length=os.length;
	OPENSSL_assert(os.length <= sizeof ret->session_id);
	memcpy(ret->session_id,os.data,os.length);

Haven't checked CVS HEAD, but I'll leave that to you.

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic