Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.

Kurt Roeckx kurt at roeckx.be
Sun Jan 11 19:36:34 UTC 2009


Package: libcrypt-openssl-dsa-perl
Severity: serious
Tags: security

Hi,

I've been checking packages to see if they properly check the return
value of some of the functions in openssl.

It seems that your package calls functions like DSA_verify
and DSA_do_verify and just returns those values.  Looking
at the documentation, it seems to suggest that != 0 would
mean that it was successful.

However those functions can also return -1 on failure.  This
would then mean that other applications making use of this
could wrongly check the return value.


Kurt
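
The return-value problem reported above, as an added example that is not part of the original message and is not code from the package or from OpenSSL. `stub_verify` is a constructed stand-in that only mimics the tri-state convention (1 valid, 0 invalid, -1 failure); all function names and sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a verify call with the tri-state convention
 * from the report: 1 = signature valid, 0 = signature invalid,
 * -1 = the verification itself failed (here: unparsable signature).
 * It is NOT OpenSSL code; it only reproduces the return convention. */
static int stub_verify(const char *msg, const char *sig)
{
    if (sig == NULL || strncmp(sig, "sig:", 4) != 0)
        return -1;                        /* failure: signature malformed */
    return strcmp(sig + 4, msg) == 0;     /* 1 = match, 0 = mismatch */
}

/* Flawed caller: any non-zero value counts as success, so -1 passes. */
int naive_accepts(const char *msg, const char *sig)
{
    return stub_verify(msg, sig) != 0;
}

/* Strict caller: only the exact value 1 means the signature is valid. */
int strict_accepts(const char *msg, const char *sig)
{
    return stub_verify(msg, sig) == 1;
}

/* Shape a binding could expose instead of the raw value: a plain boolean,
 * with the failure case reported through a separate out-parameter. */
int verify_bool(const char *msg, const char *sig, int *had_error)
{
    int rc = stub_verify(msg, sig);
    if (had_error != NULL)
        *had_error = (rc < 0);
    return rc == 1;
}

int main(void)
{
    /* Constructed sample inputs: valid, wrong, and malformed signature. */
    const char *sigs[] = { "sig:hello", "sig:other", "garbage" };
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        printf("%-10s raw=%2d naive=%d strict=%d\n", sigs[i],
               stub_verify("hello", sigs[i]),
               naive_accepts("hello", sigs[i]),
               strict_accepts("hello", sigs[i]));
    return 0;
}
```
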





