CHANGES +10 −0 @@ -4,6 +4,16 @@ Changes between 0.9.6j and 0.9.6k [xx XXX 2003] *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications.
crypto/asn1/asn1_lib.c +2 −0 @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; if (--max == 0) goto err; } else {
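Review bot: The bound `if (l > (INT_MAX >> 7L)) goto err;` in the high-tag-number loop carries no comment saying what it protects, and it is easy to misread as an off-by-one. It would help to state that it guarantees the next `l<<=7L` and the later `tag=(int)l` cast stay within int range, for example `/* tag must still fit in an int after the next 7-bit shift */`. The guard also relies on `INT_MAX`, so `<limits.h>` must be in scope; the include block is outside this hunk and this section adds no include, so that should be confirmed. ASN1_get_object starts and ends outside the hunk, so the loop header and the `err` label are not visible here.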
crypto/x509/x509_vfy.c +1 −1 @@ -490,7 +490,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } if (X509_verify(xs,pkey) <= 0) else if (X509_verify(xs,pkey) <= 0) { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs;
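Review bot: With `else if (X509_verify(xs,pkey) <= 0)`, a certificate on the preceding branch is accepted with no signature check at all whenever the verify callback returns non-zero, and nothing at this site says so. Judging by the CHANGES entry, that branch is the NULL public key case, but it begins outside the hunk, so this is inferred. Avoiding the call with a NULL key is right, but the consequence for callback authors should be recorded where the decision is made, for example `/* callback chose to ignore the missing public key: the signature on xs is NOT verified */`. The documentation for the verify callback should likewise say that a callback returning 1 unconditionally leaves such certificates unverified. internal_verify continues past the end of the hunk.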