Apply security fix: http://www.openssl.org/news/secadv_20030930.txt
Changelog from: http://cvs.openssl.org/chngview?cn=11471
This commit is contained in:
parent
ef852c60a0
commit
0a7cc0d7d1
|
@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
|
|||
l<<=7L;
|
||||
l|= *(p++)&0x7f;
|
||||
if (--max == 0) goto err;
|
||||
if (l > (INT_MAX >> 7L)) goto err;
|
||||
}
|
||||
l<<=7L;
|
||||
l|= *(p++)&0x7f;
|
||||
tag=(int)l;
|
||||
if (--max == 0) goto err;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
|
|||
|
||||
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
|
||||
{
|
||||
ASN1_VALUE **opval = NULL;
|
||||
ASN1_STRING *stmp;
|
||||
ASN1_TYPE *typ = NULL;
|
||||
int ret = 0;
|
||||
|
@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
|
|||
*pval = (ASN1_VALUE *)typ;
|
||||
} else typ = (ASN1_TYPE *)*pval;
|
||||
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
|
||||
opval = pval;
|
||||
pval = (ASN1_VALUE **)&typ->value.ptr;
|
||||
}
|
||||
switch(utype) {
|
||||
|
@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
|
|||
|
||||
ret = 1;
|
||||
err:
|
||||
if(!ret) ASN1_TYPE_free(typ);
|
||||
if(!ret)
|
||||
{
|
||||
ASN1_TYPE_free(typ);
|
||||
if (opval)
|
||||
*opval = NULL;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
|
|||
ok=(*cb)(0,ctx);
|
||||
if (!ok) goto end;
|
||||
}
|
||||
if (X509_verify(xs,pkey) <= 0)
|
||||
else if (X509_verify(xs,pkey) <= 0)
|
||||
/* XXX For the final trusted self-signed cert,
|
||||
* this is a waste of time. That check should
|
||||
* optional so that e.g. 'openssl x509' can be
|
||||
|
|
Loading…
Reference in New Issue