1
diff -cr openssl7/CHANGES ossl7/CHANGES
2
*** openssl7/CHANGES Thu Sep 4 12:52:10 2003
3
--- ossl7/CHANGES Mon Sep 29 21:26:37 2003
8
Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
10
+ *) Fix various bugs revealed by running the NISCC test suite:
12
+ Stop out of bounds reads in the ASN1 code when presented with
13
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
15
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
17
+ If verify callback ignores invalid public key errors don't try to check
18
+ certificate signature with the NULL public key.
22
*) New -ignore_err option in ocsp application to stop the server
23
exiting on the first error in a request.
29
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
31
+ *) Fix various bugs revealed by running the NISCC test suite:
33
+ Stop out of bounds reads in the ASN1 code when presented with
34
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
36
+ If verify callback ignores invalid public key errors don't try to check
37
+ certificate signature with the NULL public key.
41
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
42
if the server requested one: as stated in TLS 1.0 and SSL 3.0
44
diff -cr openssl7/crypto/asn1/asn1_lib.c ossl7/crypto/asn1/asn1_lib.c
45
*** openssl7/crypto/asn1/asn1_lib.c Fri Aug 2 19:03:41 2002
46
--- ossl7/crypto/asn1/asn1_lib.c Mon Sep 29 21:26:37 2003
52
if (--max == 0) goto err;
53
+ if (l > (INT_MAX >> 7L)) goto err;
58
+ if (--max == 0) goto err;
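Review bot: The added guard `if (l > (INT_MAX >> 7L)) goto err;` carries no comment, and its purpose is not obvious from the line alone. Presumably `l` accumulates the tag number seven bits per continuation byte, so the check rejects a value whose next shift would no longer fit in an int. A comment such as `/* reject a tag number that would overflow int on the next 7-bit shift */` would stop a later cleanup from removing it as redundant. `INT_MAX` needs `<limits.h>`, and no include change is visible in the lines shown, so confirm the file picks it up. The enclosing function starts and ends outside the visible lines.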
62
diff -cr openssl7/crypto/asn1/tasn_dec.c ossl7/crypto/asn1/tasn_dec.c
63
*** openssl7/crypto/asn1/tasn_dec.c Tue Nov 12 13:21:26 2002
64
--- ossl7/crypto/asn1/tasn_dec.c Mon Sep 29 21:26:37 2003
69
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
71
+ ASN1_VALUE **opval = NULL;
73
ASN1_TYPE *typ = NULL;
78
*pval = (ASN1_VALUE *)typ;
79
} else typ = (ASN1_TYPE *)*pval;
80
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
82
pval = (ASN1_VALUE **)&typ->value.ptr;
90
! if(!ret) ASN1_TYPE_free(typ);
100
! ASN1_TYPE_free(typ);
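Review bot: The new local `opval` is declared without a comment, and the lines shown do not include where it is assigned or used. Once `pval = (ASN1_VALUE **)&typ->value.ptr;` runs, `pval` no longer refers to the caller's slot, so freeing `typ` on the error path would leave the caller's `*pval` pointing at freed memory unless it is cleared through a saved pointer. Confirm the full hunk saves the slot before the reassignment and resets it next to the `ASN1_TYPE_free(typ)` call. A comment at the declaration would record that intent: `/* caller's original slot; set to NULL if typ is freed on error */`. The body of asn1_ex_c2i continues outside the visible lines.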
107
diff -cr openssl7/crypto/x509/x509_vfy.c ossl7/crypto/x509/x509_vfy.c
108
*** openssl7/crypto/x509/x509_vfy.c Wed Jun 4 00:40:47 2003
109
--- ossl7/crypto/x509/x509_vfy.c Mon Sep 29 21:26:37 2003
115
! if (X509_verify(xs,pkey) <= 0)
116
/* XXX For the final trusted self-signed cert,
117
* this is a waste of time. That check should
118
* optional so that e.g. 'openssl x509' can be
123
! else if (X509_verify(xs,pkey) <= 0)
124
/* XXX For the final trusted self-signed cert,
125
* this is a waste of time. That check should
126
* optional so that e.g. 'openssl x509' can be