From abe6016909259942e4406e3f1ad00457ed92ad7b Mon Sep 17 00:00:00 2001
From: simon <simon@FreeBSD.org>
Date: Wed, 7 Jan 2009 20:17:55 +0000
Subject: Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
 long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
---
 crypto/openssl/ssl/ssltest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/openssl/ssl/ssltest.c')

diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 517657c0..41dafbb 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -2072,7 +2072,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 
 	if (cb_arg->proxy_auth)
 		{
-		if (ok)
+		if (ok > 0)
 			{
 			const char *cond_end = NULL;
 
-- 
cgit v1.1