Overview

File eID-belgium-2.5.9-CVE-2009-0049.patch of Package eID-belgium

Index: src/eidlib/Verify.cpp
===================================================================
--- src/eidlib/Verify.cpp.orig	2006-06-19 16:08:43.000000000 +0200
+++ src/eidlib/Verify.cpp	2009-02-18 03:41:48.000000000 +0100
@@ -1084,7 +1084,7 @@ int CVerify::VerifySignature(const unsig
 
     EVP_VerifyInit(&cmd_ctx, EVP_sha1());
     EVP_VerifyUpdate(&cmd_ctx, pucData, ulDataLen);
-    iRet = 2*iDiffRNCert + !EVP_VerifyFinal(&cmd_ctx, (unsigned char *)pucSig, ulSigLen, pKey);
+    iRet = 2*iDiffRNCert + (EVP_VerifyFinal(&cmd_ctx, (unsigned char *)pucSig, ulSigLen, pKey) == 1 ? 0 : 1);
     EVP_PKEY_free(pKey);
     X509_free(pX509);
     return iRet;
openSUSE Build Service is sponsored by
Places