From abe6016909259942e4406e3f1ad00457ed92ad7b Mon Sep 17 00:00:00 2001
From: simon <simon@FreeBSD.org>
Date: Wed, 7 Jan 2009 20:17:55 +0000
Subject: Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
 long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
---
 crypto/openssl/apps/spkac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/openssl/apps/spkac.c')

diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
index 0191d0a..01fe406 100644
--- a/crypto/openssl/apps/spkac.c
+++ b/crypto/openssl/apps/spkac.c
@@ -285,7 +285,7 @@ bad:
 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
 	if(verify) {
 		i = NETSCAPE_SPKI_verify(spki, pkey);
-		if(i) BIO_printf(bio_err, "Signature OK\n");
+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
 			ERR_print_errors(bio_err);
-- 
cgit v1.1