List: openssl-dev
Subject: 0.9.6m fixes [was Re: Security fix oddity]
From: Leonard den Ottolander <leonard () den ! ottolander ! nl>
Date: 2004-09-28 1:08:14
Message-ID: 1096333694.4750.393.camel () athlon ! localdomain
Hi,

On Mon, 2004-09-27 at 22:28, Leonard den Ottolander wrote:
> Well, I did a grep for OpenSSLDie in the 0.9.6m tree but no result other
> than in cryptlib.c. So your answer might be true for the 0.9.7 branch,
> but not for openssl-engine-0.9.6m.

It appears the definition of OpenSSLDie in cryptlib.c in the
openssl-engine-0.9.6m is redundant. die() is no longer used in this
version. It is substituted with if blocks instead. These are replaced
with OPENSSL_asserts in 0.9.7.

I also noted a one hunk miss in 0.9.6m. In RHL 7.3's
openssl-0.9.6b-sec.patch there is this one hunk:

--- ./ssl/ssl_asn1.c.chats Thu Apr 5 21:28:48 2001
+++ ./ssl/ssl_asn1.c Thu Jul 25 16:41:00 2002
@@ -275,6 +276,7 @@ NOT COMMITTED
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
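
Review bot: the added die() line sits after ret->session_id_length=os.length has already been stored, and it aborts the whole process on a length that comes from the decoded data. I would move the test above the assignment and turn it into an error return (SSLerr plus return), so an oversized session ID leaves ret unmodified and fails only this decode instead of taking the process down. If os.length is a signed type, the comparison against the sizeof result deserves a short comment or an explicit check for negative values.
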
In 0.9.6m die() is usually substituted with a
+ if (os.length > sizeof ret->session_id)
+ {
+ SSLerr(,);
+ return -1;
+ }
block.

In 0.9.6m this check is missing and should be added:

    ret->session_id_length=os.length;
    memcpy(ret->session_id,os.data,os.length);

It is there in 0.9.7d:

    ret->session_id_length=os.length;
    OPENSSL_assert(os.length <= sizeof ret->session_id);
    memcpy(ret->session_id,os.data,os.length);

Haven't checked CVS HEAD, but I'll leave that to you.

Leonard.

--
mount -t life -o ro /dev/dna /genetic/research
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
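
The check discussed in the message above, written in the "if block with error return" style and placed before the copy. This is an added example, not code from the original message or from OpenSSL; the struct names, the 32-byte buffer size, the neighbour field and the function names are assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_LEN 32   /* assumed buffer size for this sketch */

/* Hypothetical stand-ins for the decoded OCTET STRING and the session. */
struct octet_string { int length; const unsigned char *data; };
struct session {
    unsigned int session_id_length;
    unsigned char session_id[MAX_SESSION_ID_LEN];
    unsigned char neighbour[16];    /* field an unchecked copy would overwrite */
};

/* Copy a decoded session ID into the fixed-size buffer.
 * Returns 0 on success, -1 if the encoded length does not fit.
 * The length is validated before *ret is modified, so a rejected
 * input leaves the session untouched and the process running. */
int set_session_id(struct session *ret, const struct octet_string *os)
{
    /* length is signed here: reject negatives explicitly instead of
     * relying on the implicit conversion in the sizeof comparison */
    if (os->length < 0 || (size_t)os->length > sizeof ret->session_id)
        return -1;
    ret->session_id_length = (unsigned int)os->length;
    memcpy(ret->session_id, os->data, (size_t)os->length);
    return 0;
}

/* Returns 1 if bad lengths are rejected and the session is left intact. */
int demo(void)
{
    unsigned char big[64];          /* constructed sample input */
    struct session s;
    struct octet_string ok = { 16, big }, bad = { 64, big }, neg = { -1, big };
    memset(big, 0x41, sizeof big);
    memset(&s, 0, sizeof s);
    if (set_session_id(&s, &ok) != 0 || s.session_id_length != 16) return 0;
    if (set_session_id(&s, &bad) != -1) return 0;
    if (set_session_id(&s, &neg) != -1) return 0;
    /* rejected calls must not change the length or touch the neighbour */
    return s.session_id_length == 16 && s.neighbour[0] == 0;
}

int main(void)
{
    printf("oversized session ID rejected: %s\n", demo() ? "yes" : "no");
    return 0;
}
```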