~ubuntu-branches/ubuntu/maverick/openssl/maverick


Viewing changes to diffs.sec6

  • Committer: Bazaar Package Importer
  • Author(s): Christoph Martin
  • Date: 2004-12-16 18:41:29 UTC
  • mto: (11.1.1 lenny)
  • mto: This revision was merged to the branch mainline in revision 3.
  • Revision ID: james.westby@ubuntu.com-20041216184129-z7xjkul57mh1jiha
Tags: upstream-0.9.7e
Import upstream version 0.9.7e

 
1
diff -cr openssl6/CHANGES ossl6/CHANGES
 
2
*** openssl6/CHANGES    Wed Sep  3 23:35:53 2003
 
3
--- ossl6/CHANGES       Mon Sep 29 21:21:21 2003
 
4
***************
 
5
*** 4,9 ****
 
6
--- 4,19 ----
 
7
  
 
8
   Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
 
9
  
 
10
+   *) Fix various bugs revealed by running the NISCC test suite:
 
11
 
12
+      Stop out of bounds reads in the ASN1 code when presented with
 
13
+      invalid tags (CAN-2003-0543 and CAN-2003-0544).
 
14
+      
 
15
+      If verify callback ignores invalid public key errors don't try to check
 
16
+      certificate signature with the NULL public key.
 
17
 
18
+      [Steve Henson]
 
19
 
20
    *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
 
21
       if the server requested one: as stated in TLS 1.0 and SSL 3.0
 
22
       specifications.
 
23
diff -cr openssl6/crypto/asn1/asn1_lib.c ossl6/crypto/asn1/asn1_lib.c
 
24
*** openssl6/crypto/asn1/asn1_lib.c     Fri Aug  2 19:00:21 2002
 
25
--- ossl6/crypto/asn1/asn1_lib.c        Mon Sep 29 21:21:21 2003
 
26
***************
 
27
*** 104,113 ****
 
28
--- 104,115 ----
 
29
                        l<<=7L;
 
30
                        l|= *(p++)&0x7f;
 
31
                        if (--max == 0) goto err;
 
32
+                       if (l > (INT_MAX >> 7L)) goto err;
 
33
                        }
 
34
                l<<=7L;
 
35
                l|= *(p++)&0x7f;
 
36
                tag=(int)l;
 
37
+               if (--max == 0) goto err;
 
38
                }
 
39
        else
 
40
                { 
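Review bot: The new guard `if (l > (INT_MAX >> 7L)) goto err;` in the tag-decoding loop has no comment, and it only works because it runs before the next `l<<=7L`, an ordering that a later edit could easily break. I would add `/* stop before the next 7-bit shift could push the tag past INT_MAX */` above it. The added `if (--max == 0) goto err;` after `tag=(int)l;` also deserves a short comment; it appears to reject input that ends on the final tag byte. INT_MAX comes from <limits.h>, and the hunk does not show whether asn1_lib.c already includes it, so that should be confirmed. The enclosing function starts and ends outside the hunk.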
 
41
diff -cr openssl6/crypto/x509/x509_vfy.c ossl6/crypto/x509/x509_vfy.c
 
42
*** openssl6/crypto/x509/x509_vfy.c     Tue Dec 10 08:28:16 2002
 
43
--- ossl6/crypto/x509/x509_vfy.c        Mon Sep 29 21:21:21 2003
 
44
***************
 
45
*** 490,496 ****
 
46
                                ok=(*cb)(0,ctx);
 
47
                                if (!ok) goto end;
 
48
                                }
 
49
!                       if (X509_verify(xs,pkey) <= 0)
 
50
                                {
 
51
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 
52
                                ctx->current_cert=xs;
 
53
--- 490,496 ----
 
54
                                ok=(*cb)(0,ctx);
 
55
                                if (!ok) goto end;
 
56
                                }
 
57
!                       else if (X509_verify(xs,pkey) <= 0)
 
58
                                {
 
59
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 
60
                                ctx->current_cert=xs;
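Review bot: With `else if (X509_verify(xs,pkey) <= 0)`, a verify callback that returns non-zero for the preceding error leaves the signature on `xs` unchecked, and nothing in the code says so. The condition of the `if` this `else` attaches to is outside the hunk; going by the CHANGES entry it is the case where the issuer public key is invalid and `pkey` is NULL. I would add a comment above the branch such as `/* callback chose to ignore the bad key: the signature of xs is NOT verified */`, so that anyone overriding this error knows the certificate is accepted without a signature check. The enclosing function starts and ends outside the hunk.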