From 7ce8c95d58ded63f9b5d40d98d9329b2cc751827 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 25 Mar 2009 12:53:26 +0000
Subject: [PATCH] Update from stable branch.
---
 CHANGES | 5 +++++
 crypto/asn1/asn1.h | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/CHANGES b/CHANGES
index 565645aab0..024b05da11 100644
--- a/CHANGES
+++ b/CHANGES
@@ -751,6 +751,11 @@ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
+ *) Reject UniversalString and BMPString types with invalid lengths. This
+ prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+ a legal length. (CVE-2009-0590)
+ [Steve Henson]
+
 *) Set S/MIME signing as the default purpose rather than setting it unconditionally. This allows applications to override it at the store level.
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 2c0e05ba0f..6129d0a1cf 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1278,6 +1278,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER 102
 #define ASN1_R_BAD_PASSWORD_READ 103
 #define ASN1_R_BAD_TAG 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
 #define ASN1_R_BN_LIB 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
 #define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1369,6 +1370,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
 #define ASN1_R_UNEXPECTED_EOC 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
 #define ASN1_R_UNKNOWN_FORMAT 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162
-- 
2.25.1
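Review bot: Nothing in this patch raises the two new reason codes: the `crypto/asn1/asn1.h` hunks only declare `ASN1_R_BMPSTRING_IS_WRONG_LENGTH` (210) and `ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH` (211), so the CHANGES entry for CVE-2009-0590 cannot be confirmed from this diff alone. Before treating this commit as the fix on this branch, check that the ASN.1 decoder really rejects a BMPString whose byte length is not a multiple of 2 and a UniversalString whose byte length is not a multiple of 4 before the value can reach `ASN1_STRING_print_ex()`. Also check that the reason-string table loaded by `ERR_load_ASN1_strings()` has entries for both codes; otherwise the rejection would be reported without readable text. If this list accepts hand-written comments (it looks tool-ordered, so it may not), `/* BMPString: length must be a multiple of 2 */` and `/* UniversalString: length must be a multiple of 4 */` next to the new defines would record the invariant the codes stand for.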