OpenSSL CHANGES
_______________
- Changes between 0.9.6k and 0.9.6l [xx XXX XXXX]
+ Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
- *)
+ *) Fix additional bug revealed by the NISCC test suite:
+
+ Stop bug triggering large recursion when presented with
+ certain ASN.1 tags (CAN-2003-0851)
+ [Steve Henson]
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
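Review bot: The new entry says only "certain ASN.1 tags", which does not tell a downstream maintainer which inputs are affected. The code change in this patch is in the `inf & 1` branches that call `ASN1_check_infinite_end` and `d2i_ASN1_bytes`, so the entry could name that parsing path and say that the remaining length is now tracked there. That would let a reader judge exposure from the changelog alone.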
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
+
+ o Security: fix ASN1 bug leading to large recursion
+
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
o Security: fix various ASN1 parsing bugs.
- OpenSSL 0.9.6k [engine] 30 Sep 2003
+ OpenSSL 0.9.6l [engine] 04 Nov 2003
Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
OpenSSL STATUS Last modified at
- ______________ $Date: 2003/10/02 18:09:27 $
+ ______________ $Date: 2003/11/04 11:33:10 $
DEVELOPMENT STATE
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
+ o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003
c.pp=pp;
c.p=p;
c.inf=inf;
- c.slen=len;
+ if (inf & 1)
+ c.slen = length - (p - *pp);
+ else
+ c.slen=len;
c.tag=Ptag;
c.xclass=Pclass;
c.max=(length == 0)?0:(p+length);
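Review bot: In the new `inf & 1` branch, `c.slen = length - (p - *pp);` has no guard for `length == 0`, while the very next context line treats that value specially (`c.max=(length == 0)?0:(p+length);`). With `length == 0` the new expression is not positive once `p` has advanced past `*pp`, so please either handle that case explicitly or add a comment saying why it cannot reach this point. A one-line comment that `slen` in this branch is the input remaining after the bytes already consumed (`p - *pp`) would also help. The spacing around `=` differs from the surrounding `c.slen=len;` style.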
{
if (c->inf & 1)
{
- c->eos=ASN1_check_infinite_end(&c->p,
- (long)(c->max-c->p));
+ c->eos=ASN1_check_infinite_end(&c->p, c->slen);
if (c->eos) break;
}
else
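Review bot: `ASN1_check_infinite_end(&c->p, c->slen)` now trusts `c->slen` as the remaining length, where the old call derived it from `c->max-c->p`, so the check is only correct if `slen` is updated on every path that advances `c->p`. Please state that invariant in a comment next to the call. The old argument also carried an explicit `(long)` cast, so confirm that `c->slen` already has the type the function expects and no implicit conversion is introduced.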
}
c->q=c->p;
- if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+ if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass)
== NULL)
{
c->error=ERR_R_ASN1_LIB;
goto err;
}
memcpy(&(b.data[num]),os->data,os->length);
- if (!(c->inf & 1))
- c->slen-=(c->p-c->q);
+ c->slen-=(c->p-c->q);
num+=os->length;
}
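Review bot: With `c->slen-=(c->p-c->q);` now unconditional and `c->slen` passed as the bound to `d2i_ASN1_bytes`, nothing in the visible lines rejects a negative `slen` in the `inf & 1` case before the next call. Consider an explicit check after the decrement that sets `c->error` and jumps to `err`, as the existing failure path above does, so that loop termination does not depend on how the callees treat a non-positive length.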
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x009060c0L
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6l-dev [engine] xx XXX XXXX"
+#define OPENSSL_VERSION_NUMBER 0x009060cfL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6l [engine] 04 Nov 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
%define libmaj 0
%define libmin 9
%define librel 6
-%define librev k
+%define librev l
Release: 1
%define openssldir /var/ssl