projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Various parts of the RSA documentation were inaccurate and out of date and
[oweals/openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 5c80970b52626bc347879d943ce3bf8abfa8aa5d..75b88b66f7411a3ba99c79b368cbc94438878a4a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1667,6 +1667,19 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
+ Changes between 0.9.6e and 0.9.6f  [XX xxx XXXX]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+       Alon Kantor <alonk@checkpoint.com> (and others),
+       Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+  
  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
 
   *) Add various sanity checks to asn1_get_length() to reject
Unnamed repository; edit this file 'description' to name the repository.