Dear OpenSSL development team,
I think I have found two bugs in the openssl library. I'm using version 0.92b,
but I checked it with cvsweb and I have seen no fixes for them in version 0.93
1. In the file crypto/evp/e_cbc_r2.c the function rc2_meth_to_magic(e)
calls the EVP_CIPHER_key_length function, which returns the keylength in bytes,
but afterwards this size is compared to 40, 64 and 128 which are in bits.
Therefore the size should be multiplied by eight before the comparision:
static int rc2_meth_to_magic(e)
EVP_CIPHER *e;
{
int i;
i=EVP_CIPHER_key_length(e)*8;
if (i == 128) return(RC2_128_MAGIC);
else if (i == 64) return(RC2_64_MAGIC);
else if (i == 40) return(RC2_40_MAGIC);
else return(0);
}
2. The management of the compression methods are flawed. Consider the following:
- calling SSL_COMP_add_compression_method, it creates the
ssl_comp_methods
stack and adds the SSL_COMP structure
- calling SSL_CTX_new, the comp_methods member is assigned the value
of ssl_comp_methods:
ret->comp_methods=SSL_COMP_get_compression_methods();
- connecting, data transfer etc.
- when calling the SSL_CTX_free, the comp_methods member is freed,
but the ssl_comp_methods
remains non-zero:
if (a->comp_methods != NULL) sk_pop_free(a->comp_methods,FreeFunc);
- Now an another SSL_CTX_new will assign the invalid value
ssl_comp_methods to the comp_methods member
- SSL_COMP_add_compression_method will try to push a SSL_COMP into
the already freed ssl_comp_methods
3. I also have a question. What is supposed to be the first parameter of
SSL_COMP_add_compression_method?
Best wishes,
Daniel Marx
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
