From b0dc11160cdc5800461cc42198a66cf01fad5cc9 Mon Sep 17 00:00:00 2001
From: Mariusz Mazur <mmazur@pld-linux.org>
Date: Tue, 17 Sep 2002 20:56:53 +0000
Subject: [PATCH] - fix an overflow iplemented in a fix for an overflow :)   
 ASN1

Changed files:
    openssl-0.9.6c-security.patch -> 1.4
---
 openssl-0.9.6c-security.patch | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/openssl-0.9.6c-security.patch b/openssl-0.9.6c-security.patch
index f994eb9..92daecf 100644
--- a/openssl-0.9.6c-security.patch
+++ b/openssl-0.9.6c-security.patch
@@ -31,6 +31,14 @@
  #endif
 --- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 2001
 +++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002
+@@ -57,6 +57,7 @@
+  */
+ 
+ #include <stdio.h>
++#include <limits.h>
+ #include "cryptlib.h"
+ #include <openssl/asn1.h>
+ #include <openssl/asn1_mac.h>
 @@ -124,15 +124,13 @@
  		(int)(omax+ *pp));
  
@@ -48,6 +56,15 @@
  	*pp=p;
  	return(ret|inf);
  err:
+@@ -143,7 +142,7 @@
+ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+ 	{
+ 	unsigned char *p= *pp;
+-	long ret=0;
++	unsigned long ret=0;
+ 	int i;
+ 
+ 	if (max-- < 1) return(0);
 @@ -159,6 +157,8 @@
  		i= *p&0x7f;
  		if (*(p++) & 0x80)
@@ -57,15 +74,18 @@
  			if (max-- == 0) return(0);
  			while (i-- > 0)
  				{
-@@ -170,6 +170,8 @@
+@@ -170,8 +171,10 @@
  		else
  			ret=i;
  		}
-+	if (ret < 0)
++	if (ret > LONG_MAX)
 +		return 0;
  	*pp=p;
- 	*rl=ret;
+-	*rl=ret;
++	*rl=(long)ret;
  	return(1);
+ 	}
+  
 @@ -407,7 +407,7 @@
  
  void asn1_add_error(unsigned char *address, int offset)
-- 
2.43.0