1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
diff -cr openssl6/CHANGES ossl6/CHANGES
*** openssl6/CHANGES Wed Sep 3 23:35:53 2003
--- ossl6/CHANGES Mon Sep 29 21:21:21 2003
***************
*** 4,9 ****
--- 4,19 ----
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
diff -cr openssl6/crypto/asn1/asn1_lib.c ossl6/crypto/asn1/asn1_lib.c
*** openssl6/crypto/asn1/asn1_lib.c Fri Aug 2 19:00:21 2002
--- ossl6/crypto/asn1/asn1_lib.c Mon Sep 29 21:21:21 2003
***************
*** 104,113 ****
--- 104,115 ----
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
diff -cr openssl6/crypto/x509/x509_vfy.c ossl6/crypto/x509/x509_vfy.c
*** openssl6/crypto/x509/x509_vfy.c Tue Dec 10 08:28:16 2002
--- ossl6/crypto/x509/x509_vfy.c Mon Sep 29 21:21:21 2003
***************
*** 490,496 ****
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! if (X509_verify(xs,pkey) <= 0)
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
--- 490,496 ----
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! else if (X509_verify(xs,pkey) <= 0)
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
|
