doc/share/security/patches/SA-03:18/openssl97.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00


Index: crypto/openssl/crypto/asn1/asn1_lib.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.1.1.8
diff -p -c -r1.1.1.8 asn1_lib.c
*** crypto/openssl/crypto/asn1/asn1_lib.c 28 Jan 2003 21:16:10 -0000 1.1.1.8
--- crypto/openssl/crypto/asn1/asn1_lib.c 3 Oct 2003 14:48:26 -0000
*************** int ASN1_get_object(unsigned char **pp,
*** 104,113 ****
--- 104,115 ----
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
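Review bot: The two added bounds checks in the high-tag-number branch of ASN1_get_object carry no comment, and `INT_MAX` is used without the hunk showing `<limits.h>` being included, so confirm the header is already in scope for this file. I would annotate the in-loop check with `/* reject before the next l<<=7L can exceed INT_MAX; tag is an int */` and the post-loop check with `/* the tag consumed the last available byte: nothing left for the length */`. The declaration of `l` and the start of the loop are outside the hunk, so the reading that `l` stays within INT_MAX after the final shift assumes it enters the loop as zero.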
Index: crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/tasn_dec.c,v
retrieving revision 1.1.1.1
diff -p -c -r1.1.1.1 tasn_dec.c
*** crypto/openssl/crypto/asn1/tasn_dec.c 28 Jan 2003 21:16:51 -0000 1.1.1.1
--- crypto/openssl/crypto/asn1/tasn_dec.c 3 Oct 2003 14:48:26 -0000
*************** static int asn1_d2i_ex_primitive(ASN1_VA
*** 691,696 ****
--- 691,697 ----
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
{
+ ASN1_VALUE **opval = NULL;
ASN1_STRING *stmp;
ASN1_TYPE *typ = NULL;
int ret = 0;
*************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig
*** 705,710 ****
--- 706,712 ----
*pval = (ASN1_VALUE *)typ;
} else typ = (ASN1_TYPE *)*pval;
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+ opval = pval;
pval = (ASN1_VALUE **)&typ->value.ptr;
}
switch(utype) {
*************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig
*** 796,802 ****
ret = 1;
err:
! if(!ret) ASN1_TYPE_free(typ);
return ret;
}
--- 798,809 ----
ret = 1;
err:
! if(!ret)
! {
! ASN1_TYPE_free(typ);
! if (opval)
! *opval = NULL;
! }
return ret;
}
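Review bot: The new error path at `err:` frees `typ` and then clears `*opval`, but nothing explains why the caller's slot must be nulled, so the assignment could later be removed as redundant. A comment such as `/* typ is what *opval points at; clear it so the caller is not left holding a freed pointer */` above `if (opval)` would record the intent. The same applies to the `opval = pval;` line in the second hunk, which would read better with `/* remember the caller's slot before pval is redirected into typ */`. `opval` is only set inside that one branch, so for every other `utype` the error path leaves `*pval` untouched. The switch body between the hunks is not visible here, so whether any case there leaves `*pval` pointing at freed memory cannot be checked from this patch.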
Index: crypto/openssl/crypto/x509/x509_vfy.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v
retrieving revision 1.1.1.5
diff -p -c -r1.1.1.5 x509_vfy.c
*** crypto/openssl/crypto/x509/x509_vfy.c 28 Jan 2003 21:30:32 -0000 1.1.1.5
--- crypto/openssl/crypto/x509/x509_vfy.c 3 Oct 2003 14:48:26 -0000
*************** static int internal_verify(X509_STORE_CT
*** 674,680 ****
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
--- 674,680 ----
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
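Review bot: Changing `if` to `else if` means that when the verify callback in the preceding branch returns non-zero, `X509_verify(xs,pkey)` is skipped altogether and the signature on `xs` goes unchecked on that path. The condition of that branch is outside the hunk (presumably the case where no usable `pkey` could be obtained), so the skip is probably the only safe option, but it is a trust decision delegated to the callback and should be stated. I would add above the `else if` something like `/* callback chose to continue without a usable key: the signature on xs is NOT verified in that case */`.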
Index: crypto/openssl/ssl/s3_srvr.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
retrieving revision 1.1.1.11
diff -p -c -r1.1.1.11 s3_srvr.c
*** crypto/openssl/ssl/s3_srvr.c 20 Mar 2003 20:41:45 -0000 1.1.1.11
--- crypto/openssl/ssl/s3_srvr.c 3 Oct 2003 14:48:26 -0000
*************** int ssl3_accept(SSL *s)
*** 431,440 ****
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
! /* could be sent for a DH cert, even if we
! * have not asked for it :-) */
! ret=ssl3_get_client_certificate(s);
! if (ret <= 0) goto end;
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
--- 431,441 ----
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
! if (s->s3->tmp.cert_request)
! {
! ret=ssl3_get_client_certificate(s);
! if (ret <= 0) goto end;
! }
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}