Context Navigation

← Previous Ticket
Next Ticket →

#823 closed Defect (fixed)

boinc does not check the RSA_public_decrypt() return value

Reported by:	mjakubicek	Owned by:	davea
Priority:	Critical	Milestone:	Undetermined
Component:	Client - Daemon	Version:	6.6.37
Keywords:	Security	Cc:	mjakubicek

Description

Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521

and

https://bugzilla.redhat.com/show_bug.cgi?id=479664

Change History (4)

comment:1 Changed 16 years ago by chris49

http://openssl.org/news/secadv_20090107.txt

"[...]Recommendations for users of OpenSSL =====================================

Users of OpenSSL 0.9.8 should update to the OpenSSL 0.9.8j release which contains a patch to correct this issue.[...]"

0.9.8j is working well, we should add test cases for OpenSSL communication on BOINC alpha test

comment:2 Changed 16 years ago by davea

Resolution:	→ fixed
Status:	new → closed

(In [16883]) - lib: check return values of RSA_*() functions.

Also fix a memory leak, missing RSA_free(). Fixes #823.

comment:3 Changed 15 years ago by mjakubicek

Cc:	mjakubicek added
Resolution:	fixed
Status:	closed → reopened
Version:	6.4.5 → 6.6.37

Reopening, it is still not fixed in the 6.6 branch. Please pay attention to fix bugs not only in trunk, but also in active branches, especially when it comes to security issues.

comment:4 Changed 15 years ago by romw

Resolution:	→ fixed
Status:	reopened → closed

This was fixed in the 6.6a branch.

Note: See TracTickets for help on using tickets.

Download in other formats: