Index: crypto/openssl/crypto/asn1/asn1_lib.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.1.1.7 diff -p -c -r1.1.1.7 asn1_lib.c *** crypto/openssl/crypto/asn1/asn1_lib.c 10 Aug 2002 01:39:27 -0000 1.1.1.7 --- crypto/openssl/crypto/asn1/asn1_lib.c 3 Oct 2003 17:52:04 -0000 *************** int ASN1_get_object(unsigned char **pp, *** 104,113 **** --- 104,115 ---- l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { Index: crypto/openssl/crypto/x509/x509_vfy.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v retrieving revision 1.1.1.4.2.1 diff -p -c -r1.1.1.4.2.1 x509_vfy.c *** crypto/openssl/crypto/x509/x509_vfy.c 20 Feb 2003 17:14:19 -0000 1.1.1.4.2.1 --- crypto/openssl/crypto/x509/x509_vfy.c 3 Oct 2003 17:52:04 -0000 *************** static int internal_verify(X509_STORE_CT *** 490,496 **** ok=(*cb)(0,ctx); if (!ok) goto end; } ! if (X509_verify(xs,pkey) <= 0) { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; --- 490,496 ---- ok=(*cb)(0,ctx); if (!ok) goto end; } ! else if (X509_verify(xs,pkey) <= 0) { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; Index: crypto/openssl/ssl/s3_srvr.c =================================================================== RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v retrieving revision 1.1.1.9.2.2 diff -p -c -r1.1.1.9.2.2 s3_srvr.c *** crypto/openssl/ssl/s3_srvr.c 21 Mar 2003 16:13:06 -0000 1.1.1.9.2.2 --- crypto/openssl/ssl/s3_srvr.c 3 Oct 2003 17:52:04 -0000 *************** int ssl3_accept(SSL *s) *** 420,429 **** if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { ! /* could be sent for a DH cert, even if we ! * have not asked for it :-) */ ! ret=ssl3_get_client_certificate(s); ! if (ret <= 0) goto end; s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } --- 420,430 ---- if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { ! if (s->s3->tmp.cert_request) ! { ! ret=ssl3_get_client_certificate(s); ! if (ret <= 0) goto end; ! } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; }