Commit 99ed4cbb authored by Mark J. Cox

Stop bug triggering large recursion when presented with

certain ASN.1 tags (CAN-2003-0851)
parent d8dae0ea
+6 −2
@@ -2,9 +2,13 @@
 OpenSSL CHANGES
 _______________

 Changes between 0.9.6k and 0.9.6l  [xx XXX XXXX]
 Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]

  *)
  *) Fix additional bug revealed by the NISCC test suite:

     Stop bug triggering large recursion when presented with
     certain ASN.1 tags (CAN-2003-0851)
     [Steve Henson]

 Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]

+4 −0
@@ -5,6 +5,10 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

  Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:

      o Security: fix ASN1 bug leading to large recursion

  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:

      o Security: fix various ASN1 parsing bugs.
+1 −1

 OpenSSL 0.9.6k [engine] 30 Sep 2003
 OpenSSL 0.9.6l [engine] 04 Nov 2003

 Copyright (c) 1998-2003 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+2 −1

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2003/10/02 18:09:27 $
  ______________                           $Date: 2003/11/04 11:33:10 $

  DEVELOPMENT STATE

@@ -9,6 +9,7 @@
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
+7 −6
@@ -201,6 +201,9 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
		c.pp=pp;
		c.p=p;
		c.inf=inf;
		if (inf & 1)
			c.slen = length - (p - *pp);
		else
			c.slen=len;
		c.tag=Ptag;
		c.xclass=Pclass;
@@ -279,8 +282,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
		{
		if (c->inf & 1)
			{
			c->eos=ASN1_check_infinite_end(&c->p,
				(long)(c->max-c->p));
			c->eos=ASN1_check_infinite_end(&c->p, c->slen);
			if (c->eos) break;
			}
		else
@@ -289,7 +291,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
			}

		c->q=c->p;
		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
		if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass)
			== NULL)
			{
			c->error=ERR_R_ASN1_LIB;
@@ -302,7 +304,6 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
			goto err;
			}
		memcpy(&(b.data[num]),os->data,os->length);
		if (!(c->inf & 1))
		c->slen-=(c->p-c->q);
		num+=os->length;
		}
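Review bot: In the first hunk, `c.slen = length - (p - *pp);` has no comment and no visible check that the result is positive, yet after this change `c->slen` is the only bound handed to `ASN1_check_infinite_end` and to the nested `d2i_ASN1_bytes` call in `asn1_collate_primitive`. The header parsing that advances `p` lies outside the hunk and may already guarantee `p - *pp <= length`; if it does, a comment such as `/* indefinite length: nested parsing is bounded by what remains of the caller's buffer */` would record that invariant. If it does not, the parse should fail as soon as `c.slen` is not positive rather than relying on each callee to reject the length. The last hunk now runs `c->slen-=(c->p-c->q);` for both encodings, so the same invariant has to hold on every loop iteration; both function bodies continue outside the hunks shown.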