Date: Thu, 19 Mar 2015 18:04:44 -0400 From: "Ted Unangst" <tedu@tedunangst.com> To: freebsd-security@freebsd.org Subject: bad patch for openssl Message-ID: <c57e6b1fabe02dc9b907f582@tedunangst.com>
next in thread | raw e-mail | index | archive | help
I notice the posted patch includes a change to tasn_dec.c that doesn't work.
- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
- return *pval;
+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+ ptmpval = *pval;
+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
This will, among other things, prevent nginx 1.6 from loading keys.
The diff was included in the preannouncement material, but is not part of the
any of the final openssl releases.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c57e6b1fabe02dc9b907f582>