
Patch to correct CAN-2003-0543 CAN-2003-0544 CAN-2003-0545 for OpenSSL 0.9.7
To use this patch run "patch -p1 < openssl7.patch" in your OpenSSL source dir

Submitted by: Stephen Henson <steve@openssl.org>

diff -ur -x CVS openssl7/crypto/asn1/asn1_lib.c ossl7/crypto/asn1/asn1_lib.c
--- openssl7/crypto/asn1/asn1_lib.c	2002-08-02 20:03:41.000000000 +0100
+++ ossl7/crypto/asn1/asn1_lib.c	2003-08-23 18:46:22.000000000 +0100
@@ -104,10 +104,12 @@
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
+			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
+		if (--max == 0) goto err;
 		}
 	else
 		{ 
diff -ur -x CVS openssl7/crypto/asn1/tasn_dec.c ossl7/crypto/asn1/tasn_dec.c
--- openssl7/crypto/asn1/tasn_dec.c	2002-11-12 13:21:26.000000000 +0000
+++ ossl7/crypto/asn1/tasn_dec.c	2003-08-23 18:46:22.000000000 +0100
@@ -691,6 +691,7 @@
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+	ASN1_VALUE **opval = NULL;
 	ASN1_STRING *stmp;
 	ASN1_TYPE *typ = NULL;
 	int ret = 0;
@@ -705,6 +706,7 @@
 			*pval = (ASN1_VALUE *)typ;
 		} else typ = (ASN1_TYPE *)*pval;
 		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		opval = pval;
 		pval = (ASN1_VALUE **)&typ->value.ptr;
 	}
 	switch(utype) {
@@ -796,7 +798,12 @@
 
 	ret = 1;
 	err:
-	if(!ret) ASN1_TYPE_free(typ);
+	if(!ret)
+		{
+		ASN1_TYPE_free(typ);
+		if (opval)
+			*opval = NULL;
+		}
 	return ret;
 }
 
diff -ur -x CVS openssl7/crypto/x509/x509_vfy.c ossl7/crypto/x509/x509_vfy.c
--- openssl7/crypto/x509/x509_vfy.c	2003-06-04 01:40:47.000000000 +0100
+++ ossl7/crypto/x509/x509_vfy.c	2003-08-23 23:06:32.000000000 +0100
@@ -674,7 +674,7 @@
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
-			if (X509_verify(xs,pkey) <= 0)
+			else if (X509_verify(xs,pkey) <= 0)
 				/* XXX  For the final trusted self-signed cert,
 				 * this is a waste of time.  That check should
 				 * optional so that e.g. 'openssl x509' can be
