Index: crypto/openssl/crypto/asn1/asn1_lib.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.1.1.8 diff -p -c -r1.1.1.8 asn1_lib.c *** crypto/openssl/crypto/asn1/asn1_lib.c 28 Jan 2003 21:16:10 -0000 1.1.1.8 --- crypto/openssl/crypto/asn1/asn1_lib.c 3 Oct 2003 14:48:26 -0000 *************** int ASN1_get_object(unsigned char **pp, *** 104,113 **** --- 104,115 ---- l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { Index: crypto/openssl/crypto/asn1/tasn_dec.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/tasn_dec.c,v retrieving revision 1.1.1.1 diff -p -c -r1.1.1.1 tasn_dec.c *** crypto/openssl/crypto/asn1/tasn_dec.c 28 Jan 2003 21:16:51 -0000 1.1.1.1 --- crypto/openssl/crypto/asn1/tasn_dec.c 3 Oct 2003 14:48:26 -0000 *************** static int asn1_d2i_ex_primitive(ASN1_VA *** 691,696 **** --- 691,697 ---- int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; *************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig *** 705,710 **** --- 706,712 ---- *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { *************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig *** 796,802 **** ret = 1; err: ! if(!ret) ASN1_TYPE_free(typ); return ret; } --- 798,809 ---- ret = 1; err: ! if(!ret) ! { ! ASN1_TYPE_free(typ); ! if (opval) ! *opval = NULL; ! } return ret; } Index: crypto/openssl/crypto/x509/x509_vfy.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v retrieving revision 1.1.1.5 diff -p -c -r1.1.1.5 x509_vfy.c *** crypto/openssl/crypto/x509/x509_vfy.c 28 Jan 2003 21:30:32 -0000 1.1.1.5 --- crypto/openssl/crypto/x509/x509_vfy.c 3 Oct 2003 14:48:26 -0000 *************** static int internal_verify(X509_STORE_CT *** 674,680 **** ok=(*cb)(0,ctx); if (!ok) goto end; } ! if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be --- 674,680 ---- ok=(*cb)(0,ctx); if (!ok) goto end; } ! else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be Index: crypto/openssl/ssl/s3_srvr.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v retrieving revision 1.1.1.11 diff -p -c -r1.1.1.11 s3_srvr.c *** crypto/openssl/ssl/s3_srvr.c 20 Mar 2003 20:41:45 -0000 1.1.1.11 --- crypto/openssl/ssl/s3_srvr.c 3 Oct 2003 14:48:26 -0000 *************** int ssl3_accept(SSL *s) *** 431,440 **** if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { ! /* could be sent for a DH cert, even if we ! * have not asked for it :-) */ ! ret=ssl3_get_client_certificate(s); ! if (ret <= 0) goto end; s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } --- 431,441 ---- if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { ! if (s->s3->tmp.cert_request) ! { ! ret=ssl3_get_client_certificate(s); ! if (ret <= 0) goto end; ! } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; }