1 INFO-VAX	Tue, 30 Jul 2002	Volume 2002 : Issue 417       Contents: Alpha Salesman?  Re: Alpha Salesman?  Apache as proxy server on VMS ' Building CSWS from source with multinet  CGI/Perl on VMS  Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Clusterwide logicals Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Re: Copyright on hobbyist cd?  Credit Where Credit is Due Re: Fortran compiler Re: Fortran compilerI Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?) P Re: Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?) ?)P Re: Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?) ww& Fw: OpenSSL patches for other versions5 Fw: OpenSSL Security Altert - Remote Buffer Overflows  Ideas: Re: Invoking db + Re: Itanic2 - the cHumPaq spin continues... + Re: Itanic2 - the cHumPaq spin continues... + Re: Itanic2 - the cHumPaq spin continues... + Re: Itanic2 - the cHumPaq spin continues... + Re: Itanic2 - the cHumPaq spin continues...  Re: Locked Tape$c device Locked Tape$c device Re: Locked Tape$c device Re: Locked Tape$c device Re: Locked Tape$c device Re: Locked Tape$c device Re: Low-level format SCSI disk Re: Low-level format SCSI disk Re: Low-level format SCSI disk% Re: Running an .EXE from a .COM file.  Re: Sort file protection Re: Storageworks For OVMS Class  Re: Storageworks For OVMS Class  UPDATE: PL/I HOBBYIST kit ! Re: Using PCA on an Apache module : VT-emulation and Prusik Peak... (Was:Clusterwide logicals)H Re: What happens when you have more than 1000 current print/batch jobs ?H Re: What happens when you have more than 1000 current print/batch jobs ?H Re: What happens when you have more than 1000 current print/batch jobs ?  F ----------------------------------------------------------------------  % Date: Tue, 30 Jul 2002 06:21:33 -0400 ) From: "Neil Rieck" <n.rieck@sympatico.ca>  Subject: Alpha Salesman?7 Message-ID: <OMt19.235$dn3.70259@news20.bellglobal.com>   H On Tuesday (2002-07-29) I sent an email to my Alpha sales rep in TorontoI only to learn that his last day was the previous Friday. It seems that he L was tapped on the shoulder as part of HP's workforce reduction program afterI serving up 15 years (he started with DEC). Is this the fist event in this ) area or has it been going on for a while?   
 Neil Rieck Kitchener/Waterloo/Cambridge,  Ontario, Canada.! http://www3.sympatico.ca/n.rieck/    ------------------------------  # Date: Tue, 30 Jul 2002 14:02:39 GMT 1 From: "Terry C. Shannon" <terryshannon@attbi.com>  Subject: Re: Alpha Salesman?/ Message-ID: <30x19.185095$Wt3.138651@rwcrnsc53>   L I can't speak for Toronto specifically, but layoffs are going on in MarlboroG right now. Apparently less than half the 15K potential emigres took the 
 package...  4 "Neil Rieck" <n.rieck@sympatico.ca> wrote in message1 news:OMt19.235$dn3.70259@news20.bellglobal.com... J > On Tuesday (2002-07-29) I sent an email to my Alpha sales rep in TorontoK > only to learn that his last day was the previous Friday. It seems that he H > was tapped on the shoulder as part of HP's workforce reduction program after K > serving up 15 years (he started with DEC). Is this the fist event in this + > area or has it been going on for a while?  >  > Neil Rieck > Kitchener/Waterloo/Cambridge,  > Ontario, Canada.# > http://www3.sympatico.ca/n.rieck/  >  >  >    ------------------------------  % Date: Tue, 30 Jul 2002 14:00:23 +0200 = From: Arne =?iso-8859-1?Q?Vajh=F8j?= <arne.vajhoej@gtech.com> & Subject: Apache as proxy server on VMS) Message-ID: <3D467FD7.67EFDFEA@gtech.com>   + Anyone used Apache as proxy server on VMS ?   4 Ant special hints or experiences youy are willing to share ?   8 [my status on the project is that I have just downloaded the kit]   Arne   ------------------------------  % Date: Tue, 30 Jul 2002 08:17:19 -0700 , From: "James Gessling" <jgessling@yahoo.com>0 Subject: Building CSWS from source with multinet5 Message-ID: <ai6am0$11q8c4$1@ID-46415.news.dfncis.de>   J Success!  In May I had posted my problem with not having ucx$inetdef.h notL being available on the system I was using.  I managed to find one and put it/ in sys$library.  Now I have a good build using:   / $ mms/macro=("CONFIG_NOSSL=1","CONFIG_DEBUG=1")   E Having the debug information in there will (hopefully) allow me to do C the PCA analysis that I need.  Thanks to all who helped me on this.    Jim    ------------------------------  % Date: Tue, 30 Jul 2002 11:47:12 -0500 + From: Chuck Aaron <caaron@ceris.purdue.edu>  Subject: CGI/Perl on VMS0 Message-ID: <3D46C310.E32631A1@ceris.purdue.edu>   Group,  F It appears that when I get the "document contained no data..." message= that checking the net$server.log file revealed the following:    Unoptimized perl... 2 cpu ticks: 49  Buffered I/O: 2051, Direct I/o: 1582 --------------------------------------------------3 Connect request received at 30-jul-2002 10:08:18.77 '    from remote process Major::"0=HTTPD"     for object "WWWEXEC"   
 Any thoughts?    Chuck    ------------------------------  + Date: Tue, 30 Jul 2002 08:48:57 +0100 (MET) 9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com> ! Subject: Re: Clusterwide logicals ; Message-ID: <01KKP7J1RW1Y99L6G5@sysdev.deutsche-boerse.com>   H > I'm trying to create a clusterwide logical name, and the documentation > states as quoted: F > "To create a clusterwide logical name, you must have (...) or SYSNAMA > privilege if you are creating clusterwide logical names only in  > LNM$SYSCLUSTER. "  >  > I have the following:  > $ sh proc/privL >                           Node: THEIAS           Process name: "ARCHIVAGE" >  > Authorized privileges: >  NETMBX    SYSNAM    TMPMBX  >  > Process privileges: 1 >  NETMBX               may create network device ? >  SYSNAM               may insert in system logical name table 4 >  TMPMBX               may create temporary mailbox > M > There must be some other privilege that I need. I did not often encounter a C > false statement in the VMS documentation, and it don't feel good.   : This is a known problem.  HELP is wrong.  You need SYSPRV.   ------------------------------  + Date: Tue, 30 Jul 2002 09:21:32 +0100 (MET) 9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com> ! Subject: Re: Clusterwide logicals ; Message-ID: <01KKP8K7OUUG95V1F4@sysdev.deutsche-boerse.com>   < > This is a known problem.  HELP is wrong.  You need SYSPRV.  I Sorry for any confusion.  I had a problem a while back, which was due to  > believing wrong information in HELP.  I see it has been fixed:  : $ pip sh sys/nopro ; help cre/nam/par|sea sys$input accessN OpenVMS V7.2-1H1  on node DFD002  30-JUL-2002 09:18:31.81  Uptime  26 21:36:23 Topic?F        Requires either create (C) access to the parent table and writeB        (W) access to the system directory or the SYSNAM privilege.H        The parent table must have the same access mode or a higher level1        access mode than the one you are creating.  $   : $ pip sh sys/nopro ; help cre/nam/par|sea sys$input accessJ OpenVMS V7.3  on node DF0004  30-JUL-2002 09:18:43.83  Uptime  41 17:30:21F        Requires either create (C) access to the parent table and writeB        (W) access to the system directory or the SYSPRV privilege.H        The parent table must have the same access mode or a higher level1        access mode than the one you are creating.  Topic? $   I Note, however, that something else has changed: The "Topic?" prompt from  H HELP occurs before the output on 7.2-1H1 and after it on 7.3.  (In both I cases, I have to hit RETURN before getting back to the DCL prompt.)  Bug   or feature?    ------------------------------  % Date: Tue, 30 Jul 2002 09:37:11 +0100 , From: "Rainer Giese" <waste.not@welcome.net>! Subject: Re: Clusterwide logicals 6 Message-ID: <ai5fn7$11oc5j$1@ID-138444.news.dfncis.de>  L "Phillip Helbig" <HELBPHI@sysdev.deutsche-boerse.com> schrieb im Newsbeitrag5 news:01KKP7J1RW1Y99L6G5@sysdev.deutsche-boerse.com... < > This is a known problem.  HELP is wrong.  You need SYSPRV.  H I can not trace all your examples. I got following on 7.2-1 and 7.3 (all seems like documented):    $ show process/priv  Authorized privileges:!  NETMBX       SETPRV       TMPMBX    Process privileges: /  NETMBX               may create network device /  SETPRV               may set any privilege bit 2  TMPMBX               may create temporary mailbox' $ define/tab=lnm$syscluster myname test G %SYSTEM-F-NOPRIV, insufficient privilege or object protection violation  $ set process/priv=sysnam ' $ define/tab=lnm$syscluster myname test  $ sh log myname +    "MYNAME" = "TEST" (LNM$SYSCLUSTER_TABLE)   0 What's your protection of LNM$SYSCLUSTER_TABLE ?   ------------------------------  % Date: Tue, 30 Jul 2002 11:45:27 +0100 , From: "Rainer Giese" <waste.not@welcome.net>! Subject: Re: Clusterwide logicals 6 Message-ID: <ai5n7n$11qr4o$1@ID-138444.news.dfncis.de>  L "Phillip Helbig" <HELBPHI@sysdev.deutsche-boerse.com> schrieb im Newsbeitrag5 news:01KKP8K7OUUG95V1F4@sysdev.deutsche-boerse.com... J > Note, however, that something else has changed: The "Topic?" prompt fromI > HELP occurs before the output on 7.2-1H1 and after it on 7.3.  (In both J > cases, I have to hit RETURN before getting back to the DCL prompt.)  Bug
 > or feature?   K It not depends on version, but on position in your terminal. Repeat it some D times, you will get different results. Maybe some relativ positional escapes.   ------------------------------  + Date: Tue, 30 Jul 2002 12:01:24 +0100 (MET) 9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com> ! Subject: Re: Clusterwide logicals ; Message-ID: <01KKPEA518RU95V1F4@sysdev.deutsche-boerse.com>   L > > Note, however, that something else has changed: The "Topic?" prompt fromK > > HELP occurs before the output on 7.2-1H1 and after it on 7.3.  (In both L > > cases, I have to hit RETURN before getting back to the DCL prompt.)  Bug > > or feature?  > M > It not depends on version, but on position in your terminal. Repeat it some F > times, you will get different results. Maybe some relativ positional
 > escapes.  G Indeed.  Repeating the command (up-arrow recall buffer) shows that the  G position of "Topic?" can be before, after or DURING the text displayed.    Who can explain?   ------------------------------  % Date: Tue, 30 Jul 2002 12:07:03 +0200 9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> ! Subject: Re: Clusterwide logicals ' Message-ID: <3D466547.F61FAF67@aaa.com>   ; I'd try to enable "hex-mode" or "display-control-codes" (or 7 whatever it might be called in your VT-emulator) so all 9 ESC-sequences are displayed. Then it might be possible to  find out what's going on.    Jan-Erik Sderholm.      Phillip Helbig wrote:  > H > Indeed.  Repeating the command (up-arrow recall buffer) shows that theI > position of "Topic?" can be before, after or DURING the text displayed.  >  > Who can explain?   ------------------------------  + Date: Tue, 30 Jul 2002 12:35:31 +0100 (MET) 9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com> ! Subject: Re: Clusterwide logicals ; Message-ID: <01KKPFFYW43W95V1F4@sysdev.deutsche-boerse.com>   = > I'd try to enable "hex-mode" or "display-control-codes" (or 9 > whatever it might be called in your VT-emulator) so all 1                                       ^^^^^^^^^^^   0 A real VT :-) (520) as well as several DECterms.  ; > ESC-sequences are displayed. Then it might be possible to  > find out what's going on.    I'll look into it.   ------------------------------  % Date: Tue, 30 Jul 2002 11:15:00 -0400 0 From: "Syltrem" <syltremspammenot@videotron.com>! Subject: Re: Clusterwide logicals 4 Message-ID: <o2y19.7442$H67.39720@tor-nn1.netcom.ca>  - It now works with SYSPRV (no SYSNAM required) / It does not need to be set a default privilege.   
 The statement F > > > >> "To create a clusterwide logical name, you must have (...) or SYSNAMH > > > >> privilege if you are creating clusterwide logical names only in > > > >> LNM$SYSCLUSTER. " Should be updated in the doc.      Thanks to all who contributed    --   Syltrem I http://pages.infinit.net/syltrem (OpenVMS related web site - en franais) > To reply to myself directly, remove .spammenot from my address  K "Syltrem" <syltremspammenot@videotron.com> a crit dans le message de news: ) zOh19.7391$H67.39392@tor-nn1.netcom.ca...   > Looks like 7.3 is the problem. > Will call HP >  > -- > 	 > Syltrem K > http://pages.infinit.net/syltrem (OpenVMS related web site - en franais) @ > To reply to myself directly, remove .spammenot from my address > G > "Syltrem" <syltremspammenot@videotron.com> a crit dans le message de  news: + > 9ph19.7389$H67.39380@tor-nn1.netcom.ca...  > > This is VMS 7.3 on a VAX > > ( > > I think it does work on 7.2-1 Alpha. > > I'll do more testing > >  > > -- > >  > > Syltrem C > > http://pages.infinit.net/syltrem (OpenVMS related web site - en 	 franais) B > > To reply to myself directly, remove .spammenot from my address > > L > > "Rob Young" <young_r@encompasserve.org> a crit dans le message de news:, > > Ga7FxcQN+yRg@eisner.encompasserve.org...9 > > > In article <8n7AI$oilsCJ@eisner.encompasserve.org>, 1 > > young_r@encompasserve.org (Rob Young) writes: F > > > > In article <Pyg19.7382$H67.39347@tor-nn1.netcom.ca>, "Syltrem", > > <syltremspammenot@videotron.com> writes:I > > > >> Good afternoon (or whenever it may be in your part of the world)  > > > >>A > > > >> I'm trying to create a clusterwide logical name, and the  > documentation  > > > >> states as quoted:F > > > >> "To create a clusterwide logical name, you must have (...) or SYSNAMH > > > >> privilege if you are creating clusterwide logical names only in > > > >> LNM$SYSCLUSTER. " > > > >> > > > >> I have the following: > > > >> $ sh proc/priv G > > > >>                           Node: THEIAS           Process name:  > > "ARCHIVAGE"  > > > >> > > > >> Authorized privileges: $ > > > >>  NETMBX    SYSNAM    TMPMBX > > > >> > > > >> Process privileges:8 > > > >>  NETMBX               may create network deviceF > > > >>  SYSNAM               may insert in system logical name table; > > > >>  TMPMBX               may create temporary mailbox  > > > >> > > > >> and when I do: 1 > > > >> $ define/table=LNM$SYSCLUSTER  aaaa bbbb  > > > >> I getF > > > >> %SYSTEM-F-NOPRIV, insufficient privilege or object protection > violation  > > > >>! > > > >> Can someone explain why?  > > > >>H > > > >> There must be some other privilege that I need. I did not often > > encounter a J > > > >> false statement in the VMS documentation, and it don't feel good. > > > >> > > > >> Thanks! > > > >> > > > > ( > > > > Authorized but not default priv. > > > >  > > > >  > > > > SYSMAN> set e/c 3 > > > > %SYSMAN-I-ENV, current command environment: , > > > >         Clusterwide on local cluster? > > > >         Username JOEUSER will be used on nonlocal nodes  > > > > $ > > > > SYSMAN> set prof/priv=sysnam8 > > > > SYSMAN> DO DEFINE/TABLE=LNM$SYSCLUSTER AAAA BBBB9 > > > > %SYSMAN-I-OUTPUT, command execution on node NODE1 9 > > > > %SYSMAN-I-OUTPUT, command execution on node NODE2   > > > > SYSMAN> DO SHOW LOG AAAA9 > > > > %SYSMAN-I-OUTPUT, command execution on node NODE1 1 > > > >    "AAAA" = "BBBB" (LNM$SYSCLUSTER_TABLE) 9 > > > > %SYSMAN-I-OUTPUT, command execution on node NODE2 1 > > > >    "AAAA" = "BBBB" (LNM$SYSCLUSTER_TABLE)  > > > >  > > > B > > > Scratch that example.  I neglected to do noall prior to.  So? > > > I trimmed the test account down to just that and it works % > > > (sysnam and netmbx and tmpmbx).  > > > 4 > > > <NODE2>$ define/table=lnm$syscluster aaaa bbbb > > > <NODE2>$ show log aaaa/ > > >    "AAAA" = "BBBB" (LNM$SYSCLUSTER_TABLE)  > > > <NODE2>$ show proc/priv  > > > C > > > 29-JUL-2002 16:00:57.64   User: JOEUSER           Process ID:  209AEA66E > > >                           Node: NODE2 Process name: "_NTY9842:"e > > >  > > > Authorized privileges:4 > > >  NETMBX       OPER         SYSNAM       TMPMBX > > >e > > > Process privileges:l5 > > >  NETMBX               may create network devicee: > > >  OPER                 may perform operator functionsC > > >  SYSNAM               may insert in system logical name tablee8 > > >  TMPMBX               may create temporary mailbox > > >hB > > > So it does appear you need to make that SYSNAM priv default. > > > 	 > > > Robi > > >h > >s > >  >e >o   ------------------------------    Date: 30 Jul 2002 02:07:38 -0700% From: Alan Greig <a.greig@virgin.net>b& Subject: Re: Copyright on hobbyist cd?) Message-ID: <ai5l0q01urh@drn.newsguy.com>W  4 In article <3D45D7E9.24222F@fsi.net>, "David says... >l >Hoff Hoffman wrote: >> :N >>In article <ahoc3p$s8s$1@reader3.panix.com>, John Forkosh <john@invalid.com>	 >>writes:o0 >> :Someone wanted to borrow my VAX hobbyist cd,& >> :which I won't let out of my sight. >> nG >>   Please have the, um, spending-averse someone order their own copy?p >SF >See http://www.montagar.com/hobbyist/mount.html which shows these are
 >sold out.  M Given that creating new copies of the CD costs pennies (in dollars or pounds)eN and that almost no effort is needed to make them, I cannot understand why they remain "sold out". What's up?m   >--  >David J. Dachtera >dba DJE Systems >http://www.djesys.com/  > ) >Unofficial Affordable OpenVMS Home Page:i  >http://www.djesys.com/vms/soho/   ------------------------------    Date: 30 Jul 2002 05:41:55 -0600- From: Kilgallen@SpamCop.net (Larry Kilgallen) & Subject: Re: Copyright on hobbyist cd?3 Message-ID: <LHR5B7ZGdZFB@eisner.encompasserve.org>l  Q In article <ai5l0q01urh@drn.newsguy.com>, Alan Greig <a.greig@virgin.net> writes:a  O > Given that creating new copies of the CD costs pennies (in dollars or pounds)hP > and that almost no effort is needed to make them, I cannot understand why they > remain "sold out". What's up?u  K Comments about being "sold out" are not the only feedback I have read here. 6 Others want a more up-to-date set of layered products.  K It does not do to spend $1000 for a minimum run of an inferior (these days) K selection of layered product versions, but perhaps there is a delay getting-C the volunteer time to assemble (or agree on) a more up-to-date set.0   ------------------------------  % Date: Tue, 30 Jul 2002 13:06:30 +0100h( From: Nic Clews <sendspamhere@127.0.0.1>& Subject: Re: Copyright on hobbyist cd?) Message-ID: <3D468146.A50C636F@127.0.0.1>m   Jan-Erik Sderholm wrote:h >  > Another thought...< > Is there any licensing (or other) reason why not anyone of= > us having a "full" LP-kit at-hand, compiles a "hobbyist-CD",< > for whoever is interested ? Would it be possibly (have the3 > right to) charge a minimal fee for p&p for this ?M  E Seconded. I've had a couple of enquiries, but I'm quite happy to helpaE the hobbyist program in a legal way (CUO-UK is probably better placed 	 however).o  C Perhaps it would be useful to gather that would be considered for ap compiled and compressed kit.   -- i? Regards, Nic Clews a.k.a. Mr. CP Charges, CSC Computer Sciencesc nclews at csc dot com    ------------------------------  % Date: Tue, 30 Jul 2002 13:17:47 +020099 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>t& Subject: Re: Copyright on hobbyist cd?' Message-ID: <3D4675DB.B4F6C823@aaa.com>d   A few thoughts about the LP-CD.r  < It's my experience that many of the LP-kits can be very much9 compresed with ZIP (and I have never had any problem withaA ZIP/UNZIP of VMS savesets, using the "right" ZIP/UNZIP versions).e  ; One possiblity could be to put all LP-kits in ZIP'ed formata? on th CD to get more products on one CD. A UNZIP image with the = right version could also be put on the CD (in unzip'ed form).h  > One added "feature" would also that many of us would have less= problem FTP'ing the kits between different systems, sometimese? using some PC as a "FTP-gateway". But the primary reason to ZIPe0 the kits, would be to get more kits onto the CD.   Jan-Erik Sderholm.    Larry Kilgallen wrote: > S > In article <ai5l0q01urh@drn.newsguy.com>, Alan Greig <a.greig@virgin.net> writes:  > Q > > Given that creating new copies of the CD costs pennies (in dollars or pounds)uR > > and that almost no effort is needed to make them, I cannot understand why they! > > remain "sold out". What's up?i > M > Comments about being "sold out" are not the only feedback I have read here. 8 > Others want a more up-to-date set of layered products. > M > It does not do to spend $1000 for a minimum run of an inferior (these days)rM > selection of layered product versions, but perhaps there is a delay getting E > the volunteer time to assemble (or agree on) a more up-to-date set.-   ------------------------------  % Date: Tue, 30 Jul 2002 13:24:59 +0200o9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> & Subject: Re: Copyright on hobbyist cd?' Message-ID: <3D46778B.FA40A345@aaa.com>"   Another thought...: Is there any licensing (or other) reason why not anyone of; us having a "full" LP-kit at-hand, compiles a "hobbyist-CD"B: for whoever is interested ? Would it be possibly (have the1 right to) charge a minimal fee for p&p for this ?d  = (Not saying *I* am planning this right now, but who knows...)T   Jan-Erik Sderholm.W   Larry Kilgallen wrote: > S > In article <ai5l0q01urh@drn.newsguy.com>, Alan Greig <a.greig@virgin.net> writes:  > Q > > Given that creating new copies of the CD costs pennies (in dollars or pounds)lR > > and that almost no effort is needed to make them, I cannot understand why they! > > remain "sold out". What's up?n > M > Comments about being "sold out" are not the only feedback I have read here.l8 > Others want a more up-to-date set of layered products. > M > It does not do to spend $1000 for a minimum run of an inferior (these days)tM > selection of layered product versions, but perhaps there is a delay getting E > the volunteer time to assemble (or agree on) a more up-to-date set.    ------------------------------  + Date: Tue, 30 Jul 2002 14:53:43 +0100 (MET)a9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com>y& Subject: Re: Copyright on hobbyist cd?; Message-ID: <01KKPKA1J9HE95V1F4@sysdev.deutsche-boerse.com>o  E > Perhaps it would be useful to gather that would be considered for at > compiled and compressed kit.  G What am I missing here?  The ENTIRE software distribution from Compaq, eF a lot of which is included in the hobbyist licenses, is not THAT many C CDs.  CDs are cheap.  Why not just copy it one-to-one?  Surely the oG slightly higher costs would be more than offset by not having to worry 9$ about what is included and what not.   ------------------------------  % Date: Tue, 30 Jul 2002 15:35:10 +0200n9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>o& Subject: Re: Copyright on hobbyist cd?' Message-ID: <3D46960E.C9913588@aaa.com>s  5 Um, isn't it both cheaper and easier to burn standard7; "PC-CD's" then the native VMS format ? Is there any problem1< at all with using a PC-CD on a VMS system today (with proper9 mounting) ? Or to use a PC as a CD-FTP-gateway ? (The VMSi= binary-CD is, of course, another story, they have to be boot-h" able on the target system, not ?).  < I'm just guessing that it would be easier to get new LP-CD's# if they could be burned the PC-way.a  : Or can you make a copy of the original LP distro with some= popular CD-copy SW such as Nero ? Or do you need some speciale( HW for the non-PC format of these CD's ?   Jan-Erik Sderholm.o   Phillip Helbig wrote:t > G > > Perhaps it would be useful to gather that would be considered for ao  > > compiled and compressed kit. > H > What am I missing here?  The ENTIRE software distribution from Compaq,G > a lot of which is included in the hobbyist licenses, is not THAT manytD > CDs.  CDs are cheap.  Why not just copy it one-to-one?  Surely theH > slightly higher costs would be more than offset by not having to worry& > about what is included and what not.   ------------------------------  % Date: Tue, 30 Jul 2002 15:50:13 +0100  From: Roy Omond <Roy@Omond.net> & Subject: Re: Copyright on hobbyist cd?) Message-ID: <3D46A7A5.17BDF6FB@Omond.net>H   Jan-Erik Sderholm wrote:   7 > Um, isn't it both cheaper and easier to burn standards7 > "PC-CD's" then the native VMS format ? [... snip ...]r  < No, it's neither cheaper nor easier.  It's exactly the same.2 I have successfully copied VMS format CD's both on+ my Macintosh and on a standalone CD copier.p  	 Roy OmondN Blue Bubble Ltd.   ------------------------------  # Date: Tue, 30 Jul 2002 15:02:38 GMTn4 From: Tim Llewellyn <tim.llewellyn@blueyonder.co.uk>& Subject: Re: Copyright on hobbyist cd?0 Message-ID: <3D46A984.7C75D552@blueyonder.co.uk>   Roy Omond wrote: >  > Jan-Erik Sderholm wrote:e > 9 > > Um, isn't it both cheaper and easier to burn standard 9 > > "PC-CD's" then the native VMS format ? [... snip ...]  > > > No, it's neither cheaper nor easier.  It's exactly the same.4 > I have successfully copied VMS format CD's both on- > my Macintosh and on a standalone CD copier.0 >   = Yup, Easy CD Creator 4 on W98 will also copy VMS format CD's.r   > Roy Omond  > Blue Bubble Ltd.   -- 1 tim.llewellyn@blueyonder.co.uk i  F * tim.llewellyn@cableinet.co.uk address will cease to work June 2002 *   ------------------------------    Date: 30 Jul 2002 07:59:40 -0700% From: Alan Greig <a.greig@virgin.net> & Subject: Re: Copyright on hobbyist cd?( Message-ID: <ai69ks0emd@drn.newsguy.com>  8 In article <3D46960E.C9913588@aaa.com>, Jan-Erik says... >c6 >Um, isn't it both cheaper and easier to burn standard< >"PC-CD's" then the native VMS format ? Is there any problem= >at all with using a PC-CD on a VMS system today (with proper : >mounting) ? Or to use a PC as a CD-FTP-gateway ? (The VMS> >binary-CD is, of course, another story, they have to be boot-# >able on the target system, not ?).   P A PC equipped with a CD writer can copy a VMS files-11 CD - even a bootable one.O The CD writers can just physically copy the tracks not caring about the format."  = >I'm just guessing that it would be easier to get new LP-CD'st$ >if they could be burned the PC-way. >v; >Or can you make a copy of the original LP distro with some > >popular CD-copy SW such as Nero ? Or do you need some special) >HW for the non-PC format of these CD's ?e >y >Jan-Erik Sderholm. >u >Phillip Helbig wrote: >> iH >> > Perhaps it would be useful to gather that would be considered for a! >> > compiled and compressed kit.p >> cI >> What am I missing here?  The ENTIRE software distribution from Compaq,-H >> a lot of which is included in the hobbyist licenses, is not THAT manyE >> CDs.  CDs are cheap.  Why not just copy it one-to-one?  Surely theCI >> slightly higher costs would be more than offset by not having to worryo' >> about what is included and what not.d   ------------------------------  % Date: Tue, 30 Jul 2002 17:11:52 +0200u9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>t& Subject: Re: Copyright on hobbyist cd?' Message-ID: <3D46ACB8.1D7DBAEB@aaa.com>e  1 OK, then the question is if it would be any legalh> difference between actualy copy the *original* LP distribution4 and to copy a "compilation" of kits from the LP-kit.  	 Jan-Erik--   Tim Llewellyn wrote: >  > Roy Omond wrote:6 > > I have successfully copied VMS format CD's both on/ > > my Macintosh and on a standalone CD copier.c > ? > Yup, Easy CD Creator 4 on W98 will also copy VMS format CD's.  >'   ------------------------------  # Date: Tue, 30 Jul 2002 14:04:23 GMT 1 From: "Terry C. Shannon" <terryshannon@attbi.com> # Subject: Credit Where Credit is Due^/ Message-ID: <H1x19.185109$Wt3.138847@rwcrnsc53>D  E Mary Ellen Fortier delivered a couple of pretty decent talks at DECUS  Australia last week.   -- Terry C. Shannon+ Consultant and Publisher, Shannon Knows HPCe8 Director, Technical Communications, Science Medicus Inc.% Director at Large, Encompass US, Inc.: terryshannon@attbi.com http://www.openvms.org   ------------------------------  + Date: Tue, 30 Jul 2002 11:34:43 +0100 (MET)t9 From: Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com>m Subject: Re: Fortran compilers; Message-ID: <01KKPD7O1B0U95V1F4@sysdev.deutsche-boerse.com>>  F > John Reagan wrote a response some little while ago in another threadD > implying that all other compilers (which had not been killed, e.g.	 > Bliss) u  I Bliss is available and, though perhaps not officially supported, is used  B internally in VMS and Rdb, so there is no danger of it going away.  I > Compaq before the seizure gave their Fortran compiler writers to Intel.eI > Fortran on VMS (possibly Tru64) has been put into maintenance mode.  Toe > me this stinks.   ) Alpha only---or correct me if I am wrong?   H > Starting from DEC, the Fortran compiler was considered one of the bestH > ever. Many of their proprietary enhancements became de-facto standardsE > and were mimicked in other compilers.  Steve Lionel was a very goodeI > spokesman for Fortran and VMS both here and in c.l.f.  He now works foraD > Intel and produces CVF (obviously a money spinner), but soon to be > subsumed as IVF (?).    I Indeed.  Fortran used to be THE language.  DEC Fortran was considered by iH all to be the best Fortran compiler, by far.  As you mention, Steve has $ been very helpful through the years.  I > Is the compiler just dead or will it be resurrected on VMS on the Intelg > chip?   . I think Steve has answered this question here.  E > HP has their own compiler for HP-UX, and hence their compiler team,rE > which compiler I have not used but I understand is very inferior inyG > respect to the compiler engineering that went into the Digital/Compaqn > product. v  C I have experience with all common Fortran compilers (DEC, HP, SGI,  I IBM/AIX, SUN, Cray); DEC Fortran is far and away the best, especially on s VMS.   ------------------------------  % Date: Tue, 30 Jul 2002 16:06:14 +0200.- From: Didier Morandi <Didier.Morandi@Free.fr>r Subject: Re: Fortran compilers' Message-ID: <3D469D55.815151BB@Free.fr>   8 So, where will I find the latest training material then?   D.   Phillip Helbig wrote:  ../..ND > I have experience with all common Fortran compilers (DEC, HP, SGI,J > IBM/AIX, SUN, Cray); DEC Fortran is far and away the best, especially on > VMS.>   ------------------------------  % Date: Tue, 30 Jul 2002 19:21:23 +0010i% From: paddy.o'brien@zzz.tg.nsw.gov.auiR Subject: Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?)5 Message-ID: <01KKPTNZGN9U000RTI@tgmail.tg.nsw.gov.au>    Didier Morandi wrote:C   >And Fortran? At Intel?> >g >D.  >  >Hoff Hoffman wrote: >> i >>  A >>     Details on the C programming environment are available at:n >> oA >>     o  http://www.openvms.compaq.com/commercial/c/c_index.htmll  C Not really related to docs, but I'm using this as a sounding board.e  	 <RANT on>M  N John Reagan wrote a response some little while ago in another thread implying L that all other compilers (which had not been killed, e.g. Bliss) were still 1 with the new HP.  But Fortran is not one of them.m  I Compaq before the seizure gave their Fortran compiler writers to Intel.   K Fortran on VMS (possibly Tru64) has been put into maintenance mode.  To me N this stinks.  N Starting from DEC, the Fortran compiler was considered one of the best ever.  J Many of their proprietary enhancements became de-facto standards and were I mimicked in other compilers.  Steve Lionel was a very good spokesman for SM Fortran and VMS both here and in c.l.f.  He now works for Intel and produces $D CVF (obviously a money spinner), but soon to be subsumed as IVF (?).  L From the inception of F90/F95 on VMS, my team (mainly yours sincerely) beta H tested every version of F90/F95 that was put out to testers.  Steve was 3 normally the respondent of my reports on bugs, etc.o  N Their compiler has come a long way, but as Steve may remember from some of my L reports, it still has a way to go.  Not just optimisations, but usefullness   of output listings and warnings.  N Is the compiler just dead or will it be resurrected on VMS on the Intel chip? J HP has their own compiler for HP-UX, and hence their compiler team, which M compiler I have not used but I understand is very inferior in respect to the  ? compiler engineering that went into the Digital/Compaq product.v  M I am an applications programmer for electrical engineering applications, all  M with many k lines of Fortran.  I was hoping that over the years the compiler eN experts would further improve more of their vector/matrix code optimisations. N I still have to maintain code for, e.g., complex MATMUL, because the compiler N is horrendously slow (a factor between 10 to 20).  I must say that the Compaq M team have done many speed enhancements over the years, but certainly haven't n got round to this one.  M Is CXML still in the hands of the new HP?  Where is Jeff Arnold, HP or Intel?D  L I could accept that F90 would never get to VAX.  It was a total re-write of J the compiler and already those of us who could were moving to Alphas.  No J such move is possible yet to Intel -- nor till 2004 -- yeah, if I believe D that date!!  Two more years (at least) with a stagnant compiler and J application programmers who need speed for their users having to maintain L code that we know eventually the compiler writers would have improved to be N better than the code we maintain.  Except that, because our engineers do work I overseas, we also have to port to CVF; the guy in our team who ports and pK tests will undoubtedly ask why I am maintaining Complex MATMUL because CVF  * will have improved the way we anticipated.  E [Just as a by-line.  In .au we had a few years ago only medium sized aK dimensions for our dynamic/transient stability problems.  Now, from NSW we  N are interconnecting to Queensland and a further connection to South Australia M which means they can no longer be considered a radial network.  A connection @B to Tasmania via Victoria is also coming soon (and currently being K investigated engineering-wise).  The level/detail of modelling for control oJ systems is being increased.  Problems a few years ago were dimensioned to C only a few (very few) hundred state variables (just as one example a* dimension), but are now in the thousands.]  < <RANT will be on for ever, but I'll take it off for now :-)>   Regards, Paddy   ------------------------------  # Date: Tue, 30 Jul 2002 16:47:36 GMTe& From: John Reagan <john.reagan@hp.com>Y Subject: Re: Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?) ?)a% Message-ID: <3D46C16F.8030407@hp.com>r  & paddy.o'brien@zzz.tg.nsw.gov.au wrote:   > P > John Reagan wrote a response some little while ago in another thread implying N > that all other compilers (which had not been killed, e.g. Bliss) were still 3 > with the new HP.  But Fortran is not one of them.L  I I avoided Fortran just because the details are a little fuzzy in my mind  # and I didn't want to mislead folks.   I While the details with Fortran, the ownership, who does the maintenance, qI etc. might be a little different than the other compilers, we will still CA provide the F90 that we provide on Alpha.  (The areas where I am  F confused is which code generator is attached to it and those details).     > - > Is CXML still in the hands of the new HP?  s  D CXML is very much still with us at HP.  You use it on OpenVMS?  Our @ impressions are that CXML was used more in the Tru64 space, etc.   Which CXML routines do you use?a       --   John ReaganC' Compaq Pascal/{A|I}MACRO Project Leader4 Hewlett-Packard Company    ------------------------------  % Date: Tue, 30 Jul 2002 16:05:20 +0200P- From: Didier Morandi <Didier.Morandi@Free.fr> Y Subject: Re: Fortran compiler was(RE: Dev tool docs on www.openvms.compaq.com:8000/ ?) wwv' Message-ID: <3D469D20.D4D15742@Free.fr>p  N I know Steve since ages (nearly) but I prefer to ask my technical questions in here before sending him mail.    D.  & paddy.o'brien@zzz.tg.nsw.gov.au wrote: ../.. M > From the inception of F90/F95 on VMS, my team (mainly yours sincerely) beta I > tested every version of F90/F95 that was put out to testers.  Steve was"5 > normally the respondent of my reports on bugs, etc.  ../..e   ------------------------------  , Date: Tue, 30 Jul 2002 16:44:13 +0200 (CEST)9 From: Richard Levitte - VMS Whacker <levitte@openssl.org>g/ Subject: Fw: OpenSSL patches for other versions : Message-ID: <20020730.164413.32347150.levitte@openssl.org>  - ----Next_Part(Tue_Jul_30_16:44:13_2002_248)-- * Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bitn  B OpenSSL security advisory patches for some older OpenSSL versions.   -- e+ Richard Levitte         levitte@openssl.orgu8 OpenSSL Project         http://www.openssl.org/~levitte/    - ----Next_Part(Tue_Jul_30_16:44:13_2002_248)--r Content-Type: Message/Rfc822 Content-Disposition: inline   8 Return-Path: owner-mmx-openssl-users@mmx.engelschall.comI Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])4< 	by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id MAA23658H 	for <levitte@stacken.kth.se>; Tue, 30 Jul 2002 12:21:01 +0200 (MET DST)* Received: by mmx.engelschall.com (Postfix)6 	id D8D93195E0; Tue, 30 Jul 2002 12:16:54 +0200 (CEST)O Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])r: 	by mmx.engelschall.com (Postfix) with ESMTP id E63BF1957BT 	for <mmx-openssl-users@mmx.engelschall.com>; Tue, 30 Jul 2002 12:16:53 +0200 (CEST)E Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-users-La7 	id MAA25038; Tue, 30 Jul 2002 12:16:20 +0200 (MET DST)@; Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTPoU 	from scuzzy.ben.algroup.co.uk id MAA24924; Tue, 30 Jul 2002 12:14:57 +0200 (MET DST) G Received: from algroup.co.uk (wiese.ben.algroup.co.uk [193.133.15.150]) 1 	by scuzzy.ben.algroup.co.uk (Postfix) with ESMTP 5 	id 642388BC25; Tue, 30 Jul 2002 10:14:51 +0000 (GMT)o, Message-ID: <3D466724.7060809@algroup.co.uk>% Date: Tue, 30 Jul 2002 11:15:00 +0100i$ From: Ben Laurie <ben@algroup.co.uk>T User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 X-Accept-Language: en-us, en MIME-Version: 1.0p4 To: OpenSSL Announce <openssl-announce@openssl.org>,,         Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>,H         OpenSSL Dev <openssl-dev@openssl.org>, openssl-users@openssl.org+ Subject: OpenSSL patches for other versionsJ Content-Type: multipart/mixed;0  boundary="------------040702070909050702020402"' Sender: owner-openssl-users@openssl.orgd Precedence: bulk# Reply-To: openssl-users@openssl.orgT( X-Sender: Ben Laurie <ben@algroup.co.uk>2 X-List-Manager: OpenSSL Majordomo [version 1.94.4] X-List-Name: openssl-users  , This is a multi-part message in MIME format.& --------------0407020709090507020204029 Content-Type: text/plain; charset=us-ascii; format=flowedi Content-Transfer-Encoding: 7bit-  F Enclosed are patches for today's OpenSSL security alert which apply to= other versions. The patch for 0.9.7 is supplied by Ben LaurieRA <ben@algroup.co.uk> and the remainder by Vincent Danen (email notm
 supplied).  L Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.  < These patches are known to apply correctly but have not been thoroughly tested.   Cheers,o   Ben.   --  B http://www.apache-ssl.org/ben.html       http://www.thebunker.net/   Available for contract work.  B "There is no limit to what a man can do or how far he can go if he4 doesn't mind who gets the credit." - Robert Woodruff  & --------------040702070909050702020402 Content-Type: text/plain;o%  name="openssl-0.9.5a-security.patch"N Content-Disposition: inline;)  filename="openssl-0.9.5a-security.patch"s Content-Transfer-Encoding: 7bitl  3 --- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001t. +++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002 @@ -491,3 +491,11 @@  #endif   h  #endifi +nA +void OpenSSLDie(const char *file,int line,const char *assertion)w +    {M +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",h +	    file,line,assertion);?
 +    abort();  +    } +g3 --- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000w. +++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002 @@ -89,6 +89,14 @@0  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"1  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"C  r$ +/* size of string represenations */8 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)1 +#define HEX_SIZE(type)         ((sizeof(type)*2)a +r +/* die if we have to */B +void OpenSSLDie(const char *file,int line,const char *assertion);D +#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +s  #ifdef  __cplusplus  }  #endifn8 --- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 20013 +++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 20021 @@ -407,7 +407,7 @@i  l8  void asn1_add_error(unsigned char *address, int offset)  	{t -	char buf1[16],buf2[16];DB +	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];  r-  	sprintf(buf1,"%lu",(unsigned long)address);   	sprintf(buf2,"%d",offset);4 --- crypto/conf/conf.c.orig	Sun Jan 30 15:19:51 2000/ +++ crypto/conf/conf.c	Fri Jul 26 13:17:49 2002e @@ -64,7 +64,7 @@y  #include <openssl/conf.h>  #include <openssl/buffer.h>  #include <openssl/err.h>o -  +#include "cryptlib.h"  #include "conf_lcl.h"  49  static void value_free_hash(CONF_VALUE *a, LHASH *conf);  @@ -123,12 +123,12 @@1  	{.  	LHASH *ret=NULL;  #define BUFSIZE	512 -	char btmp[16];  	int bufnum=0,i,ii;  	BUF_MEM *buff=NULL;   	char *s,*p,*end;  	int again,n;  	long eline=0;7# +	char btmp[DECIMAL_SIZE(eline)+1];i  	CONF_VALUE *v=NULL,*vv,*tv;p  	CONF_VALUE *sv=NULL;  	char *section=NULL,*buf;: --- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 20005 +++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002  @@ -428,7 +428,7 @@C  	unsigned long l;  	unsigned char *p;e  	const char *s; -	char tbuf[32];/ +	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];t  )  	if (buf_len <= 0) return(0);  a/ --- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001t* +++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002 @@ -116,6 +116,7 @@   #include <openssl/buffer.h>  #include <openssl/objects.h>   #include <openssl/evp.h>D +#include "cryptlib.h"  y4  static SSL_METHOD *ssl2_get_client_method(int ver);(  static int get_server_finished(SSL *s); @@ -517,6 +518,7 @@   		}  		b2  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);5  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);   	return(1);  	}e @@ -618,6 +620,7 @@E  		/* make key_arg data */  		i=EVP_CIPHER_iv_length(c);a  		sess->key_arg_length=i;$ +		die(i <= SSL_MAX_KEY_ARG_LENGTH);1  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);I  s  		/* make a master key */ @@ -625,6 +628,7 @@   		sess->master_key_length=i;i
  		if (i > 0)h  			{ & +			die(i <= sizeof sess->master_key);,  			if (RAND_bytes(sess->master_key,i) <= 0)  				{2  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -668,6 +672,7 @@ 
  		d+=enc;  		karg=sess->key_arg_length;	"  		s2n(karg,p); /* key arg size */% +		die(karg <= sizeof sess->key_arg);0.  		memcpy(d,sess->key_arg,(unsigned int)karg);  		d+=karg;m    @@ -688,6 +693,7 @@t  		{(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_CLIENT_FINISHED;7 +		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);c@  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);  t+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;l @@ -944,6 +950,8 @@   		{4  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))  			{n% +			die(s->session->session_id_lengthC* +			    <= sizeof s->session->session_id);*  			if (memcmp(buf,s->session->session_id,7  				(unsigned int)s->session->session_id_length) != 0)1  				{. --- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000) +++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002u @@ -62,6 +62,7 @@x  #include <openssl/rsa.h>c  #include <openssl/objects.h>v  #include <openssl/md5.h>e +#include "cryptlib.h"  i)  static long ssl2_default_timeout(void );l<  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -425,10 +426,14 @@e  #endif.  i  	km=s->s2->key_material;U@ +	die(s->s2->key_material_length <= sizeof s->s2->key_material);?  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)   		{  		MD5_Init(&ctx); -< +		H) +		die(s->session->master_key_length >= 0:' +		    && s->session->master_key_length1( +		    < sizeof s->session->master_key);I  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);m  		MD5_Update(&ctx,&c,1);l  		c++;h @@ -463,6 +468,7 @@   /*	state=s->rwstate;*/   	error=s->error;h
  	s->error=0;t  +	die(error >= 0 && error <= 3);(  	i=ssl2_write(s,&(buf[3-error]),error);(  /*	if (i == error) s->rwstate=state; */  h/ --- ssl/s2_srvr.c.orig	Mon Jul  9 08:11:04 2001I* +++ ssl/s2_srvr.c	Fri Jul 26 12:11:39 2002 @@ -63,6 +63,7 @@n  #include <openssl/rand.h>  #include <openssl/objects.h>o  #include <openssl/evp.h>  +#include "cryptlib.h"  r4  static SSL_METHOD *ssl2_get_server_method(int ver);*  static int get_client_master_key(SSL *s); @@ -361,12 +362,19 @@    		n2s(p,i); s->s2->tmp.clear=i;  		n2s(p,i); s->s2->tmp.enc=i;*  		n2s(p,i); s->session->key_arg_length=i;: +		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) +		        {. +		        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,. +		                   SSL_R_KEY_ARG_TOO_LONG); +		        return -1;c +		        },  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;  		s->init_num=0;t  		}   '  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ '  	p=(unsigned char *)s->init_buf->data;eC +	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);d"  	keya=s->session->key_arg_length;7  	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;r-  	i=ssl2_read(s,(char *)&(p[s->init_num]),n);t @@ -440,6 +448,7 @@i  #endifp   %  	if (is_export) i+=s->s2->tmp.clear;n& +	die(i <= SSL_MAX_MASTER_KEY_LENGTH);"  	s->session->master_key_length=i;3  	memcpy(s->session->master_key,p,(unsigned int)i);;  	return(1); @@ -580,6 +589,7 @@s"  	p+=s->s2->tmp.session_id_length;  -  	/* challenge */ : +	die(s->s2->challenge_length <= sizeof s->s2->challenge);C  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);-  	return(1);	  mem_err:e @@ -730,6 +740,7 @@i  		}   %  	/* SSL2_ST_GET_CLIENT_FINISHED_B */.6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);M  	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);r1  	if (i < (int)s->s2->conn_id_length-s->init_num).  		{ @@ -752,6 +763,7 @@-  		{(  		p=(unsigned char *)s->init_buf->data;   		*(p++)=SSL2_MT_SERVER_VERIFY;; +		die(s->s2->challenge_length <= sizeof s->s2->challenge);wD  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);$  		/* p+=s->s2->challenge_length; */  C @@ -771,6 +783,8 @@I(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_SERVER_FINISHED;  r$ +		die(s->session->session_id_length) +		    <= sizeof s->session->session_id);a#  		memcpy(p,s->session->session_id,o1  			(unsigned int)s->session->session_id_length);o*  		/* p+=s->session->session_id_length; *// --- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 2001 * +++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002 @@ -64,6 +64,7 @@k  #include <openssl/sha.h>l  #include <openssl/evp.h>o  #include "ssl_locl.h" +#include "cryptlib.h"  z4  static SSL_METHOD *ssl3_get_client_method(int ver);&  static int ssl3_client_hello(SSL *s); @@ -492,6 +493,7 @@   		*(p++)=i;  		if (i != 0)  			{i, +			die(i <= sizeof s->session->session_id);'  			memcpy(p,s->session->session_id,i); 	  			p+=i;   			}m @@ -572,6 +574,14 @@  d  	/* get the session-id */  	j= *(p++); + - +       if(j > sizeof s->session->session_id)o +               {h, +               al=SSL_AD_ILLEGAL_PARAMETER;3 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 7 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);9 +               goto f_err;r +               }   t.  	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))  		{+ --- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001 & +++ ssl/ssl.h	Fri Jul 26 11:36:19 2002 @@ -1423,6 +1423,7 @@u&  #define SSL_R_INVALID_COMMAND				 280&  #define SSL_R_INVALID_PURPOSE				 278$  #define SSL_R_INVALID_TRUST				 279( +#define SSL_R_KEY_ARG_TOO_LONG				 1112&  #define SSL_R_LENGTH_MISMATCH				 159'  #define SSL_R_LENGTH_TOO_SHORT				 160s"  #define SSL_R_LIBRARY_BUG				 274 @@ -1491,6 +1492,7 @@m!  #define SSL_R_SHORT_READ				 219b9  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220l1  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221o/ +#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113c/  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222 1  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042r0  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 10200 --- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000+ +++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002x @@ -62,6 +62,7 @@e  #include <openssl/objects.h>w  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"   #  typedef struct ssl_session_asn1_stt  	{a @@ -275,6 +276,7 @@o  		os.length=i;   s#  	ret->session_id_length=os.length;P+ +	die(os.length <= sizeof ret->session_id);o,  	memcpy(ret->session_id,os.data,os.length);  a,  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);/ --- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 2001N* +++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002 @@ -1,6 +1,6 @@a  /* ssl/ssl_err.c */H  /* ====================================================================A - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved. F + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.   * F   * Redistribution and use in source and binary forms, with or withoutF   * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@l>  {SSL_R_INVALID_COMMAND                   ,"invalid command"},>  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},<  {SSL_R_INVALID_TRUST                     ,"invalid trust"},? +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},S>  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},?  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},r:  {SSL_R_LIBRARY_BUG                       ,"library bug"}, @@ -343,6 +344,7 @@n9  {SSL_R_SHORT_READ                        ,"short read"},eW  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},rK  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},sG +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},iH  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},J  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},I  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},e0 --- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000+ +++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002a @@ -60,6 +60,7 @@n  #include <openssl/lhash.h>n  #include <openssl/rand.h>  #include "ssl_locl.h" +#include "cryptlib.h"  hC  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);t?  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);v @@ -199,6 +200,7 @@c  		ss->session_id_length=0;   		}  m/ +	die(s->sid_ctx_length <= sizeof ss->sid_ctx); 3  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);e'  	ss->sid_ctx_length=s->sid_ctx_length;t  	s->session=ss;/ --- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001 * +++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002 @@ -122,6 +122,7 @@i  #include <openssl/evp.h>t  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  e4  static SSL_METHOD *ssl3_get_server_method(int ver);*  static int ssl3_get_client_hello(SSL *s); @@ -942,6 +943,7 @@r$  			s->session->session_id_length=0;  r$  		sl=s->session->session_id_length;, +		die(sl <= sizeof s->session->session_id);
  		*(p++)=sl;a'  		memcpy(p,s->session->session_id,sl);-	  		p+=sl;a  & --------------040702070909050702020402 Content-Type: text/plain;r%  name="openssl-0.9.6b-security.patch"m Content-Disposition: inline;)  filename="openssl-0.9.6b-security.patch"g Content-Transfer-Encoding: 7bitp  3 --- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001k. +++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002 @@ -491,3 +491,11 @@  #endife  z  #endifg +aA +void OpenSSLDie(const char *file,int line,const char *assertion)m +    {M +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",t +	    file,line,assertion);t
 +    abort();f +    } + 3 --- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000-. +++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002 @@ -89,6 +89,14 @@0  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"1  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"-   $ +/* size of string represenations */8 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)1 +#define HEX_SIZE(type)         ((sizeof(type)*2)n +r +/* die if we have to */B +void OpenSSLDie(const char *file,int line,const char *assertion);D +#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +   #ifdef  __cplusplus  }  #endif/8 --- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 20013 +++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002  @@ -407,7 +407,7 @@r  x8  void asn1_add_error(unsigned char *address, int offset)  	{a -	char buf1[16],buf2[16]; B +	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];   -  	sprintf(buf1,"%lu",(unsigned long)address);0  	sprintf(buf2,"%d",offset);8 --- crypto/conf/conf_def.c.orig	Tue Jun  6 09:21:12 20003 +++ crypto/conf/conf_def.c	Fri Jul 26 10:43:56 2002v @@ -67,6 +67,7 @@.  #include "conf_def.h"  #include <openssl/buffer.h>  #include <openssl/err.h>P +#include "cryptlib.h"  1*  static char *eat_ws(CONF *conf, char *p);5  static char *eat_alpha_numeric(CONF *conf, char *p);d @@ -180,12 +181,12 @@m5  static int def_load(CONF *conf, BIO *in, long *line)u  	{   #define BUFSIZE	512 -	char btmp[16];  	int bufnum=0,i,ii;  	BUF_MEM *buff=NULL;   	char *s,*p,*end;  	int again,n;  	long eline=0;4# +	char btmp[DECIMAL_SIZE(eline)+1];T  	CONF_VALUE *v=NULL,*tv;o  	CONF_VALUE *sv=NULL;  	char *section=NULL,*buf;: --- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 20005 +++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002g @@ -428,7 +428,7 @@0  	unsigned long l;  	unsigned char *p;1  	const char *s; -	char tbuf[32];/ +	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];s  ;  	if (buf_len <= 0) return(0);  e/ --- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001V* +++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002 @@ -116,6 +116,7 @@,  #include <openssl/buffer.h>  #include <openssl/objects.h>S  #include <openssl/evp.h>o +#include "cryptlib.h"  o4  static SSL_METHOD *ssl2_get_client_method(int ver);(  static int get_server_finished(SSL *s); @@ -517,6 +518,7 @@0  		}  		"2  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);5  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);S  	return(1);  	}n @@ -618,6 +620,7 @@:  		/* make key_arg data */  		i=EVP_CIPHER_iv_length(c);a  		sess->key_arg_length=i;$ +		die(i <= SSL_MAX_KEY_ARG_LENGTH);1  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);f  E  		/* make a master key */ @@ -625,6 +628,7 @@s  		sess->master_key_length=i;p
  		if (i > 0)e  			{ & +			die(i <= sizeof sess->master_key);,  			if (RAND_bytes(sess->master_key,i) <= 0)  				{2  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -668,6 +672,7 @@9
  		d+=enc;  		karg=sess->key_arg_length;	"  		s2n(karg,p); /* key arg size */% +		die(karg <= sizeof sess->key_arg);e.  		memcpy(d,sess->key_arg,(unsigned int)karg);  		d+=karg;.  l @@ -688,6 +693,7 @@b  		{(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_CLIENT_FINISHED;7 +		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);r@  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);  o+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;5 @@ -944,6 +950,8 @@o  		{4  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))  			{h% +			die(s->session->session_id_length * +			    <= sizeof s->session->session_id);*  			if (memcmp(buf,s->session->session_id,7  				(unsigned int)s->session->session_id_length) != 0)i  				{. --- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000) +++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002r @@ -62,6 +62,7 @@i  #include <openssl/rsa.h>i  #include <openssl/objects.h>s  #include <openssl/md5.h>  +#include "cryptlib.h"  t)  static long ssl2_default_timeout(void );r<  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -425,10 +426,14 @@E  #endif   L  	km=s->s2->key_material;E@ +	die(s->s2->key_material_length <= sizeof s->s2->key_material);?  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)+  		{  		MD5_Init(&ctx); -  +		 ) +		die(s->session->master_key_length >= 0t' +		    && s->session->master_key_lengthn( +		    < sizeof s->session->master_key);I  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);c  		MD5_Update(&ctx,&c,1);   		c++;n @@ -463,6 +468,7 @@   /*	state=s->rwstate;*/   	error=s->error;b
  	s->error=0;0  +	die(error >= 0 && error <= 3);(  	i=ssl2_write(s,&(buf[3-error]),error);(  /*	if (i == error) s->rwstate=state; */  u/ --- ssl/s2_srvr.c.orig	Mon Jul  9 08:11:04 2001f* +++ ssl/s2_srvr.c	Fri Jul 26 12:11:39 2002 @@ -63,6 +63,7 @@l  #include <openssl/rand.h>  #include <openssl/objects.h>n  #include <openssl/evp.h>: +#include "cryptlib.h"  /4  static SSL_METHOD *ssl2_get_server_method(int ver);*  static int get_client_master_key(SSL *s); @@ -361,12 +362,19 @@    		n2s(p,i); s->s2->tmp.clear=i;  		n2s(p,i); s->s2->tmp.enc=i;*  		n2s(p,i); s->session->key_arg_length=i;: +		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) +		        {. +		        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,. +		                   SSL_R_KEY_ARG_TOO_LONG); +		        return -1;; +		        },  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;  		s->init_num=0;*  		}   '  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */U'  	p=(unsigned char *)s->init_buf->data;iC +	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);0"  	keya=s->session->key_arg_length;7  	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;;-  	i=ssl2_read(s,(char *)&(p[s->init_num]),n);+ @@ -440,6 +448,7 @@   #endif(  _%  	if (is_export) i+=s->s2->tmp.clear;n& +	die(i <= SSL_MAX_MASTER_KEY_LENGTH);"  	s->session->master_key_length=i;3  	memcpy(s->session->master_key,p,(unsigned int)i);>  	return(1); @@ -580,6 +589,7 @@#"  	p+=s->s2->tmp.session_id_length;  y  	/* challenge */i: +	die(s->s2->challenge_length <= sizeof s->s2->challenge);C  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);s  	return(1);	  mem_err:t @@ -730,6 +740,7 @@	  		}  -%  	/* SSL2_ST_GET_CLIENT_FINISHED_B */d6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);M  	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);E1  	if (i < (int)s->s2->conn_id_length-s->init_num);  		{ @@ -752,6 +763,7 @@R  		{(  		p=(unsigned char *)s->init_buf->data;   		*(p++)=SSL2_MT_SERVER_VERIFY;; +		die(s->s2->challenge_length <= sizeof s->s2->challenge);hD  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);$  		/* p+=s->s2->challenge_length; */    @@ -771,6 +783,8 @@_(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_SERVER_FINISHED;  r$ +		die(s->session->session_id_length) +		    <= sizeof s->session->session_id);o#  		memcpy(p,s->session->session_id,>1  			(unsigned int)s->session->session_id_length);-*  		/* p+=s->session->session_id_length; *// --- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 2001N* +++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002 @@ -64,6 +64,7 @@c  #include <openssl/sha.h>d  #include <openssl/evp.h>i  #include "ssl_locl.h" +#include "cryptlib.h"  I4  static SSL_METHOD *ssl3_get_client_method(int ver);&  static int ssl3_client_hello(SSL *s); @@ -492,6 +493,7 @@i  		*(p++)=i;  		if (i != 0)  			{z, +			die(i <= sizeof s->session->session_id);'  			memcpy(p,s->session->session_id,i);d	  			p+=i;s  			}s @@ -572,6 +574,14 @@  	  	/* get the session-id */  	j= *(p++); +4- +       if(j > sizeof s->session->session_id)0 +               {@, +               al=SSL_AD_ILLEGAL_PARAMETER;3 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,d7 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);d +               goto f_err;o +               }S  E.  	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))  		{+ --- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001t& +++ ssl/ssl.h	Fri Jul 26 11:36:19 2002 @@ -1423,6 +1423,7 @@s&  #define SSL_R_INVALID_COMMAND				 280&  #define SSL_R_INVALID_PURPOSE				 278$  #define SSL_R_INVALID_TRUST				 279( +#define SSL_R_KEY_ARG_TOO_LONG				 1112&  #define SSL_R_LENGTH_MISMATCH				 159'  #define SSL_R_LENGTH_TOO_SHORT				 160-"  #define SSL_R_LIBRARY_BUG				 274 @@ -1491,6 +1492,7 @@(!  #define SSL_R_SHORT_READ				 21949  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220-1  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221s/ +#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113e/  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222.1  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042r0  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 10200 --- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000+ +++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002y @@ -62,6 +62,7 @@i  #include <openssl/objects.h>e  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  @#  typedef struct ssl_session_asn1_st   	{s @@ -275,6 +276,7 @@=  		os.length=i;s  e#  	ret->session_id_length=os.length;s+ +	die(os.length <= sizeof ret->session_id);),  	memcpy(ret->session_id,os.data,os.length);  T,  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);/ --- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 2001 * +++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002 @@ -1,6 +1,6 @@n  /* ssl/ssl_err.c */H  /* ====================================================================A - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.AF + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.   *nF   * Redistribution and use in source and binary forms, with or withoutF   * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@X>  {SSL_R_INVALID_COMMAND                   ,"invalid command"},>  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},<  {SSL_R_INVALID_TRUST                     ,"invalid trust"},? +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},c>  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},?  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"}, :  {SSL_R_LIBRARY_BUG                       ,"library bug"}, @@ -343,6 +344,7 @@s9  {SSL_R_SHORT_READ                        ,"short read"},_W  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},nK  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},tG +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},iH  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},J  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},I  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},R0 --- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000+ +++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002a @@ -60,6 +60,7 @@s  #include <openssl/lhash.h>g  #include <openssl/rand.h>  #include "ssl_locl.h" +#include "cryptlib.h"  hC  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);n?  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);s @@ -199,6 +200,7 @@   		ss->session_id_length=0;s  		}  "/ +	die(s->sid_ctx_length <= sizeof ss->sid_ctx);*3  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);i'  	ss->sid_ctx_length=s->sid_ctx_length;   	s->session=ss;/ --- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001n* +++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002 @@ -122,6 +122,7 @@i  #include <openssl/evp.h>1  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  -4  static SSL_METHOD *ssl3_get_server_method(int ver);*  static int ssl3_get_client_hello(SSL *s); @@ -942,6 +943,7 @@S$  			s->session->session_id_length=0;   $  		sl=s->session->session_id_length;, +		die(sl <= sizeof s->session->session_id);
  		*(p++)=sl;('  		memcpy(p,s->session->session_id,sl); 	  		p+=sl;s  & --------------040702070909050702020402 Content-Type: text/plain;6%  name="openssl-0.9.6c-security.patch"i Content-Disposition: inline;)  filename="openssl-0.9.6c-security.patch"  Content-Transfer-Encoding: 7bit2  3 --- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001S. +++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002 @@ -491,3 +491,11 @@  #endife  L  #endifY +GA +void OpenSSLDie(const char *file,int line,const char *assertion)b +    {M +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",G +	    file,line,assertion);e
 +    abort();_ +    } +T3 --- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000S. +++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002 @@ -89,6 +89,14 @@0  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"1  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"   /$ +/* size of string represenations */8 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)1 +#define HEX_SIZE(type)         ((sizeof(type)*2)l +  +/* die if we have to */B +void OpenSSLDie(const char *file,int line,const char *assertion);D +#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +o  #ifdef  __cplusplus  }  #endif>8 --- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 20013 +++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002v @@ -407,7 +407,7 @@+  s8  void asn1_add_error(unsigned char *address, int offset)  	{/ -	char buf1[16],buf2[16];=B +	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];  h-  	sprintf(buf1,"%lu",(unsigned long)address);e  	sprintf(buf2,"%d",offset);8 --- crypto/conf/conf_def.c.orig	Tue Jun  6 09:21:12 20003 +++ crypto/conf/conf_def.c	Fri Jul 26 10:43:56 2002w @@ -67,6 +67,7 @@   #include "conf_def.h"  #include <openssl/buffer.h>  #include <openssl/err.h>5 +#include "cryptlib.h"  M*  static char *eat_ws(CONF *conf, char *p);5  static char *eat_alpha_numeric(CONF *conf, char *p);p @@ -180,12 +181,12 @@_5  static int def_load(CONF *conf, BIO *in, long *line)E  	{_  #define BUFSIZE	512 -	char btmp[16];  	int bufnum=0,i,ii;  	BUF_MEM *buff=NULL;   	char *s,*p,*end;  	int again,n;  	long eline=0; # +	char btmp[DECIMAL_SIZE(eline)+1];r  	CONF_VALUE *v=NULL,*tv;   	CONF_VALUE *sv=NULL;  	char *section=NULL,*buf;: --- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 20005 +++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002a @@ -428,7 +428,7 @@c  	unsigned long l;  	unsigned char *p;O  	const char *s; -	char tbuf[32];/ +	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];      	if (buf_len <= 0) return(0);   / --- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001s* +++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002 @@ -116,6 +116,7 @@   #include <openssl/buffer.h>  #include <openssl/objects.h>O  #include <openssl/evp.h>  +#include "cryptlib.h"  /4  static SSL_METHOD *ssl2_get_client_method(int ver);(  static int get_server_finished(SSL *s); @@ -517,6 +518,7 @@   		}  		a2  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);5  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);i  	return(1);  	}l @@ -618,6 +620,7 @@S  		/* make key_arg data */  		i=EVP_CIPHER_iv_length(c);e  		sess->key_arg_length=i;$ +		die(i <= SSL_MAX_KEY_ARG_LENGTH);1  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);t  e  		/* make a master key */ @@ -625,6 +628,7 @@s  		sess->master_key_length=i;r
  		if (i > 0)2  			{2& +			die(i <= sizeof sess->master_key);,  			if (RAND_bytes(sess->master_key,i) <= 0)  				{2  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -668,6 +672,7 @@t
  		d+=enc;  		karg=sess->key_arg_length;	"  		s2n(karg,p); /* key arg size */% +		die(karg <= sizeof sess->key_arg); .  		memcpy(d,sess->key_arg,(unsigned int)karg);  		d+=karg;-  s @@ -688,6 +693,7 @@t  		{(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_CLIENT_FINISHED;7 +		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);2@  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);  -+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;; @@ -944,6 +950,8 @@0  		{4  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))  			{p% +			die(s->session->session_id_length2* +			    <= sizeof s->session->session_id);*  			if (memcmp(buf,s->session->session_id,7  				(unsigned int)s->session->session_id_length) != 0)e  				{. --- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000) +++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002i @@ -62,6 +62,7 @@   #include <openssl/rsa.h>   #include <openssl/objects.h>p  #include <openssl/md5.h>  +#include "cryptlib.h"  o)  static long ssl2_default_timeout(void );9<  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -425,10 +426,14 @@L  #endif   S  	km=s->s2->key_material;e@ +	die(s->s2->key_material_length <= sizeof s->s2->key_material);?  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)p  		{  		MD5_Init(&ctx); -e +		/) +		die(s->session->master_key_length >= 0e' +		    && s->session->master_key_length	( +		    < sizeof s->session->master_key);I  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);b  		MD5_Update(&ctx,&c,1);   		c++;  @@ -463,6 +468,7 @@c  /*	state=s->rwstate;*/   	error=s->error;@
  	s->error=0;s  +	die(error >= 0 && error <= 3);(  	i=ssl2_write(s,&(buf[3-error]),error);(  /*	if (i == error) s->rwstate=state; */  b/ --- ssl/s2_srvr.c.orig	Wed Nov 14 14:19:47 2001"* +++ ssl/s2_srvr.c	Fri Jul 26 10:43:56 2002 @@ -116,6 +116,7 @@   #include <openssl/rand.h>  #include <openssl/objects.h>r  #include <openssl/evp.h>l +#include "cryptlib.h"  64  static SSL_METHOD *ssl2_get_server_method(int ver);*  static int get_client_master_key(SSL *s); @@ -417,11 +418,18 @@    		n2s(p,i); s->s2->tmp.clear=i;  		n2s(p,i); s->s2->tmp.enc=i;*  		n2s(p,i); s->session->key_arg_length=i;: +		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) +			{u' +			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,[  +				   SSL_R_KEY_ARG_TOO_LONG); +			return -1; +			}r,  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;  		}  b'  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */E'  	p=(unsigned char *)s->init_buf->data;	C +	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);4"  	keya=s->session->key_arg_length;c  	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;	1  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)A @@ -502,6 +510,7 @@E  #endif    %  	if (is_export) i+=s->s2->tmp.clear; & +	die(i <= SSL_MAX_MASTER_KEY_LENGTH);"  	s->session->master_key_length=i;3  	memcpy(s->session->master_key,p,(unsigned int)i);l  	return(1); @@ -649,6 +658,7 @@c"  	p+=s->s2->tmp.session_id_length;  n  	/* challenge */ : +	die(s->s2->challenge_length <= sizeof s->s2->challenge);C  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);	  	return(1);	  mem_err:t @@ -800,6 +810,7 @@l  		}  	%  	/* SSL2_ST_GET_CLIENT_FINISHED_B */s6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);1  	len = 1 + (unsigned long)s->s2->conn_id_length;@  	n = (int)len - s->init_num; /  	i = ssl2_read(s,(char *)&(p[s->init_num]),n);l @@ -825,6 +836,7 @@   		{(  		p=(unsigned char *)s->init_buf->data;   		*(p++)=SSL2_MT_SERVER_VERIFY;; +		die(s->s2->challenge_length <= sizeof s->s2->challenge);sD  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);$  		/* p+=s->s2->challenge_length; */  s @@ -844,6 +856,8 @@	(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_SERVER_FINISHED;  d$ +		die(s->session->session_id_length) +		    <= sizeof s->session->session_id);e#  		memcpy(p,s->session->session_id,m1  			(unsigned int)s->session->session_id_length);a*  		/* p+=s->session->session_id_length; *// --- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 20012* +++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002 @@ -64,6 +64,7 @@>  #include <openssl/sha.h>,  #include <openssl/evp.h>t  #include "ssl_locl.h" +#include "cryptlib.h"  E4  static SSL_METHOD *ssl3_get_client_method(int ver);&  static int ssl3_client_hello(SSL *s); @@ -492,6 +493,7 @@	  		*(p++)=i;  		if (i != 0)  			{ , +			die(i <= sizeof s->session->session_id);'  			memcpy(p,s->session->session_id,i); 	  			p+=i;n  			}s @@ -572,6 +574,14 @@  g  	/* get the session-id */  	j= *(p++); + - +       if(j > sizeof s->session->session_id)2 +               {@, +               al=SSL_AD_ILLEGAL_PARAMETER;3 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,57 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);l +               goto f_err;a +               }=  L.  	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))  		{+ --- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001(& +++ ssl/ssl.h	Fri Jul 26 11:36:19 2002 @@ -1423,6 +1423,7 @@o&  #define SSL_R_INVALID_COMMAND				 280&  #define SSL_R_INVALID_PURPOSE				 278$  #define SSL_R_INVALID_TRUST				 279( +#define SSL_R_KEY_ARG_TOO_LONG				 1112&  #define SSL_R_LENGTH_MISMATCH				 159'  #define SSL_R_LENGTH_TOO_SHORT				 160c"  #define SSL_R_LIBRARY_BUG				 274 @@ -1491,6 +1492,7 @@ !  #define SSL_R_SHORT_READ				 219n9  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220-1  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221 / +#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113 /  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222 1  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042s0  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 10200 --- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000+ +++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002  @@ -62,6 +62,7 @@.  #include <openssl/objects.h>2  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  6#  typedef struct ssl_session_asn1_st>  	{l @@ -275,6 +276,7 @@s  		os.length=i;   n#  	ret->session_id_length=os.length;;+ +	die(os.length <= sizeof ret->session_id);K,  	memcpy(ret->session_id,os.data,os.length);  S,  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);/ --- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 20011* +++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002 @@ -1,6 +1,6 @@;  /* ssl/ssl_err.c */H  /* ====================================================================A - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.NF + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.   *rF   * Redistribution and use in source and binary forms, with or withoutF   * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@i>  {SSL_R_INVALID_COMMAND                   ,"invalid command"},>  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},<  {SSL_R_INVALID_TRUST                     ,"invalid trust"},? +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},s>  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},?  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},,:  {SSL_R_LIBRARY_BUG                       ,"library bug"}, @@ -343,6 +344,7 @@_9  {SSL_R_SHORT_READ                        ,"short read"}, W  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},eK  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},-G +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},gH  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},J  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},I  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},=0 --- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000+ +++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002- @@ -60,6 +60,7 @@m  #include <openssl/lhash.h>d  #include <openssl/rand.h>  #include "ssl_locl.h" +#include "cryptlib.h"  sC  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); ?  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);# @@ -199,6 +200,7 @@h  		ss->session_id_length=0;i  		}  d/ +	die(s->sid_ctx_length <= sizeof ss->sid_ctx);i3  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);i'  	ss->sid_ctx_length=s->sid_ctx_length;,  	s->session=ss;/ --- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001z* +++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002 @@ -122,6 +122,7 @@,  #include <openssl/evp.h>@  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  f4  static SSL_METHOD *ssl3_get_server_method(int ver);*  static int ssl3_get_client_hello(SSL *s); @@ -942,6 +943,7 @@ $  			s->session->session_id_length=0;   $  		sl=s->session->session_id_length;, +		die(sl <= sizeof s->session->session_id);
  		*(p++)=sl; '  		memcpy(p,s->session->session_id,sl);I	  		p+=sl;)  & --------------040702070909050702020402 Content-Type: text/plain;r  name="openssl-0.9.7-sec.patch"6 Content-Disposition: inline;#  filename="openssl-0.9.7-sec.patch"R Content-Transfer-Encoding: 7bite   Index: CHANGESC ===================================================================L* RCS file: /e/openssl/cvs/openssl/CHANGES,v retrieving revision 1.977.2.42 diff -u -r1.977.2.42 CHANGES* --- CHANGES	2002/07/16 09:18:25	1.977.2.42 +++ CHANGES	2002/07/30 09:54:48U @@ -4,6 +4,38 @@  R1   Changes between 0.9.6e and 0.9.7  [XX xxx 2002]I  E@ +Changes marked "(CHATS)" were sponsored by the Defense AdvancedD +Research Projects Agency (DARPA) and Air Force Research Laboratory,9 +Air Force Materiel Command, USAF, under agreement numberR +F30602-01-2-0537. +s> +  *) Add various sanity checks to asn1_get_length() to rejectD +     the ASN1 length bytes if they exceed sizeof(long), will appear> +     negative or the content length exceeds the length of the& +     supplied buffer. (CAN-2002-0659)O +     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]s +nE +  *) Assertions for various potential buffer overflows, not known to	 +     happen in practice.a +     [Ben Laurie (CHATS)] +IG +  *) Various temporary buffers to hold ASCII versions of integers were:5 +     too small for 64 bit platforms. (CAN-2002-0655)@I +     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>= +=A +  *) Remote buffer overflow in SSL3 protocol - an attacker couldPB +     supply an oversized master key in Kerberos-enabled versions. +     (CAN-2002-0657)s +     [Ben Laurie (CHATS)] +uA +  *) Remote buffer overflow in SSL3 protocol - an attacker couldiA +     supply an oversized session ID to a client. (CAN-2002-0656)7 +     [Ben Laurie (CHATS)] +_A +  *) Remote buffer overflow in SSL2 protocol - an attacker couldP< +     supply an oversized client master key. (CAN-2002-0656) +     [Ben Laurie (CHATS)] +iC    *) Add appropriate support for separate platform-dependent buildoD       directories.  The recommended way to make a platform-dependentD       build directory is the following (tested on Linux), maybe with @@ -1654,6 +1686,12 @@       [Richard Levitte]   "2   Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX] + > +  *) Add various sanity checks to asn1_get_length() to rejectD +     the ASN1 length bytes if they exceed sizeof(long), will appear> +     negative or the content length exceeds the length of the +     supplied buffer.O +     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]R   L    *) Fix cipher selection routines: ciphers without encryption had no flagsK       for the cipher strength set and where therefore not handled correctly  Index: crypto/cryptlib.cC ===================================================================_4 RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v retrieving revision 1.32 diff -u -r1.32 cryptlib.c.. --- crypto/cryptlib.c	2001/11/24 04:02:42	1.32) +++ crypto/cryptlib.c	2002/07/30 09:54:50e @@ -492,3 +492,11 @@  #endifn  s  #endifd +LA +void OpenSSLDie(const char *file,int line,const char *assertion)@ +    {M +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",t +	    file,line,assertion);>
 +    abort();c +    } +i Index: crypto/cryptlib.hC =================================================================== 4 RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v retrieving revision 1.10 diff -u -r1.10 cryptlib.h1. --- crypto/cryptlib.h	2001/02/22 14:44:54	1.10) +++ crypto/cryptlib.h	2002/07/30 09:54:50S @@ -89,6 +89,14 @@0  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"1  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"i  >$ +/* size of string represenations */8 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)1 +#define HEX_SIZE(type)         ((sizeof(type)*2)n +e +/* die if we have to */B +void OpenSSLDie(const char *file,int line,const char *assertion);D +#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +   #ifdef  __cplusplus  }  #endifp Index: crypto/asn1/asn1_lib.cnC =================================================================== 9 RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v1 retrieving revision 1.20.2.1 diff -u -r1.20.2.1 asn1_lib.c 7 --- crypto/asn1/asn1_lib.c	2002/06/13 17:38:46	1.20.2.1n. +++ crypto/asn1/asn1_lib.c	2002/07/30 09:54:51 @@ -124,15 +124,13 @@	  		(int)(omax+ *pp));)     #endift -#if 0" -	if ((p+ *plength) > (omax+ *pp))$ +	if (*plength > (omax - (*pp - p)))  		{3  		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);#9  		/* Set this so that even if things are not long enough0%  		 * the values are set correctly */ 
  		ret|=0x80;   		} -#endifa  	*pp=p;  	return(ret|inf);  err:  @@ -159,6 +157,8 @@2  		i= *p&0x7f;  		if (*(p++) & 0x80)   			{f +			if (i > sizeof(long))w +				return 0;  			if (max-- == 0) return(0);  			while (i-- > 0)a  				{ @@ -170,6 +170,8 @@(  		elsed
  			ret=i;  		} +	if (ret < 0) +		return 0;  	*pp=p;
  	*rl=ret;  	return(1); @@ -407,7 +409,7 @@b  o8  void asn1_add_error(unsigned char *address, int offset)  	{l -	char buf1[16],buf2[16];,B +	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];  e-  	sprintf(buf1,"%lu",(unsigned long)address);f  	sprintf(buf2,"%d",offset); Index: crypto/conf/conf_def.c C ===================================================================f9 RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v  retrieving revision 1.12 diff -u -r1.12 conf_def.c23 --- crypto/conf/conf_def.c	2002/01/24 16:15:17	1.12n. +++ crypto/conf/conf_def.c	2002/07/30 09:54:51 @@ -67,6 +67,7 @@y  #include "conf_def.h"  #include <openssl/buffer.h>  #include <openssl/err.h>_ +#include "cryptlib.h"  )*  static char *eat_ws(CONF *conf, char *p);5  static char *eat_alpha_numeric(CONF *conf, char *p);B @@ -208,12 +209,12 @@[9  static int def_load_bio(CONF *conf, BIO *in, long *line)*  	{*  #define BUFSIZE	512 -	char btmp[16];  	int bufnum=0,i,ii;  	BUF_MEM *buff=NULL;V  	char *s,*p,*end;  	int again,n;  	long eline=0;e# +	char btmp[DECIMAL_SIZE(eline)+1];o  	CONF_VALUE *v=NULL,*tv;:  	CONF_VALUE *sv=NULL;  	char *section=NULL,*buf; Index: crypto/conf/conf_mod.c7C ===================================================================h9 RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_mod.c,v] retrieving revision 1.8.2.6e diff -u -r1.8.2.6 conf_mod.c6 --- crypto/conf/conf_mod.c	2002/05/08 15:13:24	1.8.2.6. +++ crypto/conf/conf_mod.c	2002/07/30 09:54:52 @@ -230,7 +230,7 @@.  		{%  		if (!(flags & CONF_MFLAGS_SILENT))   			{l -			char rcode[10];c$ +			char rcode[DECIMAL_SIZE(ret)+1];J  			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);   			sprintf(rcode, "%-8d", ret);S  			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);o  Index: crypto/engine/hw_cswift.cC ===================================================================,< RCS file: /e/openssl/cvs/openssl/crypto/engine/hw_cswift.c,v retrieving revision 1.17.2.1 diff -u -r1.17.2.1 hw_cswift.c: --- crypto/engine/hw_cswift.c	2002/06/21 02:48:52	1.17.2.11 +++ crypto/engine/hw_cswift.c	2002/07/30 09:54:536 @@ -501,7 +501,7 @@s  		goto err;
  	default:  		{ -		char tmpbuf[20]; * +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];>  		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);%  		sprintf(tmpbuf, "%ld", sw_status);6@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -518,7 +518,7 @@/E  	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,s  		&res, 1)) != SW_OK)  		{ -		char tmpbuf[20];7* +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];>  		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);%  		sprintf(tmpbuf, "%ld", sw_status); @  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -608,7 +608,7 @@S  		goto err;
  	default:  		{ -		char tmpbuf[20];{* +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];B  		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);%  		sprintf(tmpbuf, "%ld", sw_status);	@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -625,7 +625,7 @@hI  	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,2  		&res, 1)) != SW_OK)  		{ -		char tmpbuf[20]; * +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];B  		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);%  		sprintf(tmpbuf, "%ld", sw_status);(@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -740,7 +740,7 @@,  		goto err;
  	default:  		{ -		char tmpbuf[20];i* +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];?  		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);5%  		sprintf(tmpbuf, "%ld", sw_status);x@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -758,7 +758,7 @@k  		&res, 1);  	if(sw_status != SW_OK)  		{ -		char tmpbuf[20];(* +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];?  		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); %  		sprintf(tmpbuf, "%ld", sw_status);	@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -852,7 +852,7 @@b  		goto err;
  	default:  		{ -		char tmpbuf[20];s* +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];A  		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);-%  		sprintf(tmpbuf, "%ld", sw_status);n@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -874,7 +874,7 @@"  		&res, 1);  	if(sw_status != SW_OK)  		{ -		char tmpbuf[20]; * +		char tmpbuf[DECIMAL_SIZE(sw_status)+1];A  		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);2%  		sprintf(tmpbuf, "%ld", sw_status);k@  		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); Index: crypto/objects/obj_dat.cLC ===================================================================u; RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v  retrieving revision 1.23.2.3 diff -u -r1.23.2.3 obj_dat.c9 --- crypto/objects/obj_dat.c	2002/05/30 16:49:44	1.23.2.3 0 +++ crypto/objects/obj_dat.c	2002/07/30 09:54:53 @@ -436,7 +436,7 @@l  	unsigned long l;  	unsigned char *p;-  	const char *s; -	char tbuf[32];/ +	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];M  R  	if (buf_len <= 0) return(0);  0 Index: ssl/s2_clnt.cC ===================================================================S0 RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v retrieving revision 1.37 diff -u -r1.37 s2_clnt.c* --- ssl/s2_clnt.c	2002/01/12 15:56:10	1.37% +++ ssl/s2_clnt.c	2002/07/30 09:55:01	 @@ -116,6 +116,7 @@i  #include <openssl/buffer.h>  #include <openssl/objects.h>c  #include <openssl/evp.h>g +#include "cryptlib.h"  n4  static SSL_METHOD *ssl2_get_client_method(int ver);(  static int get_server_finished(SSL *s); @@ -535,6 +536,7 @@-  		}  		n2  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);5  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);l  	return(1);  	}@ @@ -636,6 +638,7 @@n  		/* make key_arg data */  		i=EVP_CIPHER_iv_length(c);F  		sess->key_arg_length=i;$ +		die(i <= SSL_MAX_KEY_ARG_LENGTH);1  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);h  e  		/* make a master key */ @@ -643,6 +646,7 @@/  		sess->master_key_length=i;p
  		if (i > 0)   			{i& +			die(i <= sizeof sess->master_key);,  			if (RAND_bytes(sess->master_key,i) <= 0)  				{2  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -686,6 +690,7 @@_
  		d+=enc;  		karg=sess->key_arg_length;	"  		s2n(karg,p); /* key arg size */% +		die(karg <= sizeof sess->key_arg);..  		memcpy(d,sess->key_arg,(unsigned int)karg);  		d+=karg;1  6 @@ -706,6 +711,7 @@4  		{(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_CLIENT_FINISHED;7 +		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);g@  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);  @+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;  @@ -978,6 +984,8 @@   		{4  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))  			{n% +			die(s->session->session_id_length * +			    <= sizeof s->session->session_id);*  			if (memcmp(buf,s->session->session_id,7  				(unsigned int)s->session->session_id_length) != 0)   				{ Index: ssl/s2_lib.c C =================================================================== / RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v  retrieving revision 1.39.2.1 diff -u -r1.39.2.1 s2_lib.c)- --- ssl/s2_lib.c	2002/07/10 06:40:18	1.39.2.1/$ +++ ssl/s2_lib.c	2002/07/30 09:55:01 @@ -63,6 +63,7 @@u  #include <openssl/objects.h>+  #include <openssl/evp.h>I  #include <openssl/md5.h>e +#include "cryptlib.h"  	)  static long ssl2_default_timeout(void );9<  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -428,10 +429,14 @@#  #endifL  	EVP_MD_CTX_init(&ctx);  	km=s->s2->key_material;B@ +	die(s->s2->key_material_length <= sizeof s->s2->key_material);?  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)   		{+  		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);   e) +		die(s->session->master_key_length >= 0 ' +		    && s->session->master_key_lengthT( +		    < sizeof s->session->master_key);O  		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);_  		EVP_DigestUpdate(&ctx,&c,1);0  		c++;s @@ -467,6 +472,7 @@2  /*	state=s->rwstate;*/6  	error=s->error;d
  	s->error=0;c  +	die(error >= 0 && error <= 3);(  	i=ssl2_write(s,&(buf[3-error]),error);(  /*	if (i == error) s->rwstate=state; */  s Index: ssl/s2_srvr.cC =================================================================== 0 RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v retrieving revision 1.36 diff -u -r1.36 s2_srvr.c* --- ssl/s2_srvr.c	2002/01/12 15:56:11	1.36% +++ ssl/s2_srvr.c	2002/07/30 09:55:022 @@ -116,6 +116,7 @@.  #include <openssl/rand.h>  #include <openssl/objects.h>r  #include <openssl/evp.h>= +#include "cryptlib.h"  =4  static SSL_METHOD *ssl2_get_server_method(int ver);*  static int get_client_master_key(SSL *s); @@ -417,11 +418,18 @@    		n2s(p,i); s->s2->tmp.clear=i;  		n2s(p,i); s->s2->tmp.enc=i;*  		n2s(p,i); s->session->key_arg_length=i;: +		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) +			{w' +			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,S  +				   SSL_R_KEY_ARG_TOO_LONG); +			return -1; +			},,  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;  		}  u'  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ '  	p=(unsigned char *)s->init_buf->data;_C +	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);M"  	keya=s->session->key_arg_length;c  	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; 1  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)7 @@ -504,6 +512,7 @@E  #endif    %  	if (is_export) i+=s->s2->tmp.clear;I& +	die(i <= SSL_MAX_MASTER_KEY_LENGTH);"  	s->session->master_key_length=i;3  	memcpy(s->session->master_key,p,(unsigned int)i);   	return(1); @@ -670,6 +679,7 @@_"  	p+=s->s2->tmp.session_id_length;  3  	/* challenge */g: +	die(s->s2->challenge_length <= sizeof s->s2->challenge);C  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);   	return(1);	  mem_err:  @@ -826,6 +836,7 @@A  		}  M%  	/* SSL2_ST_GET_CLIENT_FINISHED_B */}6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);1  	len = 1 + (unsigned long)s->s2->conn_id_length;6  	n = (int)len - s->init_num;l/  	i = ssl2_read(s,(char *)&(p[s->init_num]),n);s @@ -853,6 +864,7 @@   		{(  		p=(unsigned char *)s->init_buf->data;   		*(p++)=SSL2_MT_SERVER_VERIFY;; +		die(s->s2->challenge_length <= sizeof s->s2->challenge);ID  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);$  		/* p+=s->s2->challenge_length; */  i @@ -872,6 +884,8 @@-(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_SERVER_FINISHED;  ,$ +		die(s->session->session_id_length) +		    <= sizeof s->session->session_id);s#  		memcpy(p,s->session->session_id,21  			(unsigned int)s->session->session_id_length);d*  		/* p+=s->session->session_id_length; */ Index: ssl/s3_clnt.cC ===================================================================n0 RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.53.2.2 diff -u -r1.53.2.2 s3_clnt.c. --- ssl/s3_clnt.c	2002/07/10 06:57:48	1.53.2.2% +++ ssl/s3_clnt.c	2002/07/30 09:55:03  @@ -117,6 +117,7 @@n  #include <openssl/objects.h>   #include <openssl/evp.h>9  #include <openssl/md5.h>  +#include "cryptlib.h"  l4  static SSL_METHOD *ssl3_get_client_method(int ver);&  static int ssl3_client_hello(SSL *s); @@ -545,6 +546,7 @@7  		*(p++)=i;  		if (i != 0)  			{=, +			die(i <= sizeof s->session->session_id);'  			memcpy(p,s->session->session_id,i);l	  			p+=i;   			}i @@ -626,6 +628,14 @@  	/* get the session-id */  	j= *(p++);  0- +       if(j > sizeof s->session->session_id)0 +               {-, +               al=SSL_AD_ILLEGAL_PARAMETER;3 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 7 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);s +               goto f_err;  +               }, +A.  	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))  		{  		/* SSLref returns 16 :-( */ @@ -1588,6 +1598,7 @@e   				SSL_MAX_MASTER_KEY_LENGTH);7  			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);,  			outl += padl;  +			die(outl <= sizeof epms);e&  			EVP_CIPHER_CTX_cleanup(&ciph_ctx);  f3  			/*  KerberosWrapper.EncryptedPreMasterSecret	*/s Index: ssl/s3_srvr.cC ===================================================================l0 RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.85.2.5 diff -u -r1.85.2.5 s3_srvr.c. --- ssl/s3_srvr.c	2002/07/10 06:57:50	1.85.2.5% +++ ssl/s3_srvr.c	2002/07/30 09:55:04a @@ -123,6 +123,7 @@5  #include <openssl/x509.h>  #include <openssl/krb5_asn.h>  #include <openssl/md5.h>* +#include "cryptlib.h"   4  static SSL_METHOD *ssl3_get_server_method(int ver);*  static int ssl3_get_client_hello(SSL *s); @@ -964,6 +965,7 @@-$  			s->session->session_id_length=0;   $  		sl=s->session->session_id_length;, +		die(sl <= sizeof s->session->session_id);
  		*(p++)=sl; '  		memcpy(p,s->session->session_id,sl);B	  		p+=sl;C @@ -1559,8 +1561,8 @@e  		EVP_CIPHER		*enc = NULL;o(  		unsigned char		iv[EVP_MAX_IV_LENGTH];/  		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH   -						+ EVP_MAX_IV_LENGTH + 1];# -		int 			padl, outl = sizeof(pms);pH +                                               + EVP_MAX_BLOCK_LENGTH];& +		int                     padl, outl;   		krb5_timestamp		authtime = 0;  		krb5_ticket_times	ttimes;  6 @@ -1582,6 +1584,16 @@  		enc_pms.length = i;  		enc_pms.data = (char *)p;  		p+=enc_pms.length;d +a2 +		/* Note that the length is checked again below, +		** after decryption +		*/t" +		if(enc.pms_length > sizeof pms) +			{ . +			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,' +			       SSL_R_DATA_LENGTH_TOO_LONG);S
 +			goto err;i +			}s  @6  		if (n != enc_ticket.length + authenticator.length +  						enc_pms.length + 6) Index: ssl/ssl.hC =================================================================== , RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v retrieving revision 1.126.2.7= diff -u -r1.126.2.7 ssl.h=+ --- ssl/ssl.h	2002/07/04 08:50:31	1.126.2.7c! +++ ssl/ssl.h	2002/07/30 09:55:05r @@ -1650,6 +1650,7 @@i&  #define SSL_R_INVALID_COMMAND				 280&  #define SSL_R_INVALID_PURPOSE				 278$  #define SSL_R_INVALID_TRUST				 279( +#define SSL_R_KEY_ARG_TOO_LONG				 1112  #define SSL_R_KRB5					 1104c'  #define SSL_R_KRB5_C_CC_PRINC				 1094@'  #define SSL_R_KRB5_C_GET_CRED				 1095e @@ -1729,6 +1730,7 @@s!  #define SSL_R_SHORT_READ				 219l9  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220/1  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221=/ +#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113l/  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222s1  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042y0  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020 Index: ssl/ssl_asn1.c5C ===================================================================I1 RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,vE retrieving revision 1.9.2.2p diff -u -r1.9.2.2 ssl_asn1.c. --- ssl/ssl_asn1.c	2002/07/10 06:57:51	1.9.2.2& +++ ssl/ssl_asn1.c	2002/07/30 09:55:05 @@ -62,6 +62,7 @@   #include <openssl/asn1_mac.h>  #include <openssl/objects.h>n  #include <openssl/x509.h> +#include "cryptlib.h"  O#  typedef struct ssl_session_asn1_st   	{f @@ -296,6 +297,7 @@   		os.length=i;c  t#  	ret->session_id_length=os.length;=+ +	die(os.length <= sizeof ret->session_id);=,  	memcpy(ret->session_id,os.data,os.length);  1,  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); Index: ssl/ssl_err.cC ===================================================================+0 RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v retrieving revision 1.41 diff -u -r1.41 ssl_err.c* --- ssl/ssl_err.c	2001/11/10 01:16:28	1.41% +++ ssl/ssl_err.c	2002/07/30 09:55:06) @@ -1,6 +1,6 @@e  /* ssl/ssl_err.c */H  /* ====================================================================A - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.	F + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.   *iF   * Redistribution and use in source and binary forms, with or withoutF   * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@8>  {SSL_R_INVALID_COMMAND                   ,"invalid command"},>  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},<  {SSL_R_INVALID_TRUST                     ,"invalid trust"},? +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},b3  {SSL_R_KRB5                              ,"krb5"},"Q  {SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},eC  {SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},= @@ -354,6 +355,7 @@e9  {SSL_R_SHORT_READ                        ,"short read"},sW  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},nK  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},dG +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"}, H  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},J  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},I  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},e Index: ssl/ssl_sess.cmC ===================================================================n1 RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,vE retrieving revision 1.40 diff -u -r1.40 ssl_sess.c	+ --- ssl/ssl_sess.c	2002/02/10 12:46:41	1.40u& +++ ssl/ssl_sess.c	2002/07/30 09:55:06 @@ -60,6 +60,7 @@=  #include <openssl/lhash.h>=  #include <openssl/rand.h>  #include "ssl_locl.h" +#include "cryptlib.h"  rC  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);n?  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);d @@ -250,6 +251,7 @@2  		ss->session_id_length=0;   		}  f/ +	die(s->sid_ctx_length <= sizeof ss->sid_ctx);o3  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);O'  	ss->sid_ctx_length=s->sid_ctx_length;D  	s->session=ss;  ( --------------040702070909050702020402--  F ______________________________________________________________________F OpenSSL Project                                 http://www.openssl.orgF User Support Mailing List                    openssl-users@openssl.orgF Automated List Manager                           majordomo@openssl.org    / ----Next_Part(Tue_Jul_30_16:44:13_2002_248)----	   ------------------------------  , Date: Tue, 30 Jul 2002 16:43:04 +0200 (CEST)9 From: Richard Levitte - VMS Whacker <levitte@openssl.org>a> Subject: Fw: OpenSSL Security Altert - Remote Buffer Overflows: Message-ID: <20020730.164304.93385518.levitte@openssl.org>  - ----Next_Part(Tue_Jul_30_16:43:04_2002_639)--d* Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit   E OpenSSL security advisory.  Applie to all SSLeay and OpenSSL versions	 until today.   --  + Richard Levitte         levitte@openssl.orgC8 OpenSSL Project         http://www.openssl.org/~levitte/    - ----Next_Part(Tue_Jul_30_16:43:04_2002_639)--" Content-Type: Message/Rfc822 Content-Disposition: inliner  6 Return-Path: owner-mmx-openssl-dev@mmx.engelschall.comI Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])s< 	by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id MAA22569H 	for <levitte@stacken.kth.se>; Tue, 30 Jul 2002 12:12:38 +0200 (MET DST)* Received: by mmx.engelschall.com (Postfix)6 	id BDC94194F3; Tue, 30 Jul 2002 12:10:34 +0200 (CEST)O Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])c: 	by mmx.engelschall.com (Postfix) with ESMTP id 25173194C3R 	for <mmx-openssl-dev@mmx.engelschall.com>; Tue, 30 Jul 2002 12:10:34 +0200 (CEST)C Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-dev-L 7 	id MAA23998; Tue, 30 Jul 2002 12:10:03 +0200 (MET DST) ; Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTPLU 	from scuzzy.ben.algroup.co.uk id MAA23609; Tue, 30 Jul 2002 12:08:34 +0200 (MET DST) G Received: from algroup.co.uk (wiese.ben.algroup.co.uk [193.133.15.150])w1 	by scuzzy.ben.algroup.co.uk (Postfix) with ESMTPk5 	id 729748BC25; Tue, 30 Jul 2002 10:08:28 +0000 (GMT) , Message-ID: <3D4665A5.1030502@algroup.co.uk>% Date: Tue, 30 Jul 2002 11:08:37 +0100T$ From: Ben Laurie <ben@algroup.co.uk>T User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 X-Accept-Language: en-us, en MIME-Version: 1.0 D To: OpenSSL Dev <openssl-dev@openssl.org>, openssl-users@openssl.org: Subject: OpenSSL Security Altert - Remote Buffer Overflows Content-Type: multipart/mixed;0  boundary="------------040505000403060304090101"% Sender: owner-openssl-dev@openssl.org  Precedence: bulk! Reply-To: openssl-dev@openssl.orgs( X-Sender: Ben Laurie <ben@algroup.co.uk>2 X-List-Manager: OpenSSL Majordomo [version 1.94.4] X-List-Name: openssl-dev  , This is a multi-part message in MIME format.& --------------0405050004030603040901019 Content-Type: text/plain; charset=us-ascii; format=flowedn Content-Transfer-Encoding: 7bit=  ( OpenSSL Security Advisory [30 July 2002]  D This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.o  
 Advisory 1
 ==========  ? A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are2@ conducting a security review of OpenSSL, under the DARPA program CHATS.   Vulnerabilitiesn ---------------c  7 All four of these are potentially remotely exploitable.E  A 1. The client master key in SSL2 could be oversized and overrun a;D      buffer. This vulnerability was also independently discovered byG      consultants at Neohapsis (http://www.neohapsis.com/) who have alsocG      demonstrated that the vulerability is exploitable. Exploit code is	       NOT available at this time.  E 2. The session ID supplied to a client in SSL3 could be oversized andb      overrun a buffer.  C 3. The master key supplied to an SSL3 server could be oversized andnC      overrun a stack-based buffer. This issues only affects OpenSSLe4      0.9.7 before 0.9.7-beta3 with Kerberos enabled.  A 4. Various buffers for ASCII representations of integers were toos      small on 64 bit platforms.-  D The Common Vulnerabilities and Exposures project (cve.mitre.org) hasE assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issueE  3, and CAN-2002-0655 to issue 4.  > In addition various potential buffer overflows not known to be= exploitable have had assertions added to defend against them.s   Who is affected? ----------------  F Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or? current development snapshots of 0.9.7 to provide SSL or TLS is	F vulnerable, whether client or server. 0.9.6d servers on 32-bit systems) with SSL 2.0 disabled are not vulnerable.e  ! SSLeay is probably also affected.z   Recommendations= ---------------_  A Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL B 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.  7 A patch for 0.9.7 is available from the OpenSSL websitee (http://www.openssl.org/).  F Servers can disable SSL2, alternatively disable all applications usingD SSL or TLS until the patches are applied. Users of 0.9.7 pre-releaseB versions with Kerberos enabled will also have to disable Kerberos.  C Client should be disabled altogether until the patches are applied.e   Known Exploits --------------  B There are no know exploits available for these vulnerabilities. AsF noted above, Neohapsis have demonstrated internally that an exploit is1 possible, but have not released the exploit code.o  
 References
 ----------  ; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655i; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656/; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657o   Acknowledgements ----------------  @ The project leading to this advisory is sponsored by the Defense@ Advanced Research Projects Agency (DARPA) and Air Force ResearchD Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.(  3 The patch and advisory were prepared by Ben Laurie.t      
 Advisory 2
 ==========   Vulnerabilitieso ---------------k  D The ASN1 parser can be confused by supplying it with certain invalid
 encodings.  D The Common Vulnerabilities and Exposures project (cve.mitre.org) has. assigned the name CAN-2002-0659 to this issue.   Who is affected? ----------------  B Any OpenSSL program which uses the ASN1 library to parse untrustedC data. This includes all SSL or TLS applications, those using S/MIMEt, (PKCS#7) or certificate generation routines.   Recommendationso ---------------=  C Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompiler all applications using OpenSSL.s  E Users of 0.9.7 pre-release versions should apply the patch or upgrade=B to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.   Exploits --------  3 There are no known exploits for this vulnerability.	  
 References
 ----------  ; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659n   Acknowledgements ----------------  B This vulnerability was discovered by Adi Stav <stav@mercury.co.il>A and James Yonan <jim@ntlp.com> independently. The patch is partlye based on a version by Adi Stav.8  ; The patch and advisory were prepared by Dr. Stephen Henson..   --  B http://www.apache-ssl.org/ben.html       http://www.thebunker.net/   Available for contract work.  B "There is no limit to what a man can do or how far he can go if he4 doesn't mind who gets the credit." - Robert Woodruff    & --------------040505000403060304090101 Content-Type: text/plain;T   name="openssl-0.9.6d-sec.patch" Content-Disposition: inline;$  filename="openssl-0.9.6d-sec.patch" Content-Transfer-Encoding: 7bit>   Index: CHANGESC ===================================================================)* RCS file: /e/openssl/cvs/openssl/CHANGES,v retrieving revision 1.618.2.158B diff -u -r1.618.2.158 CHANGES@+ --- CHANGES	2002/05/09 22:40:31	1.618.2.158t +++ CHANGES	2002/07/30 09:14:15S @@ -2,6 +2,35 @@   OpenSSL CHANGESr   _______________e  y + Changes in security patchs +e@ +Changes marked "(CHATS)" were sponsored by the Defense AdvancedD +Research Projects Agency (DARPA) and Air Force Research Laboratory,9 +Air Force Materiel Command, USAF, under agreement number, +F30602-01-2-0537. +a> +  *) Add various sanity checks to asn1_get_length() to rejectD +     the ASN1 length bytes if they exceed sizeof(long), will appear> +     negative or the content length exceeds the length of the& +     supplied buffer. (CAN-2002-0659)O +     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]4 +@E +  *) Assertions for various potential buffer overflows, not known toE +     happen in practice.> +     [Ben Laurie (CHATS)] +2G +  *) Various temporary buffers to hold ASCII versions of integers wereg5 +     too small for 64 bit platforms. (CAN-2002-0655)@I +     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>2 +_A +  *) Remote buffer overflow in SSL3 protocol - an attacker could<A +     supply an oversized session ID to a client. (CAN-2002-0656)_ +     [Ben Laurie (CHATS)] +iA +  *) Remote buffer overflow in SSL2 protocol - an attacker could/< +     supply an oversized client master key. (CAN-2002-0656) +     [Ben Laurie (CHATS)] + 1   Changes between 0.9.6c and 0.9.6d  [9 May 2002]e  eC    *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not. Index: crypto/cryptlib.cC ===================================================================#4 RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v retrieving revision 1.20.2.4 diff -u -r1.20.2.4 cryptlib.cs2 --- crypto/cryptlib.c	2001/11/23 20:57:59	1.20.2.4) +++ crypto/cryptlib.c	2002/07/30 09:14:15- @@ -491,3 +491,11 @@  #endif   i  #endif) +	A +void OpenSSLDie(const char *file,int line,const char *assertion)> +    {M +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",n +	    file,line,assertion); 
 +    abort();o +    } +n Index: crypto/cryptlib.hC =================================================================== 4 RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v retrieving revision 1.8O diff -u -r1.8 cryptlib.h- --- crypto/cryptlib.h	2000/05/02 12:35:04	1.8	) +++ crypto/cryptlib.h	2002/07/30 09:14:16) @@ -89,6 +89,14 @@0  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"1  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"(  p$ +/* size of string represenations */8 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)1 +#define HEX_SIZE(type)         ((sizeof(type)*2)e +n +/* die if we have to */B +void OpenSSLDie(const char *file,int line,const char *assertion);D +#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) +v  #ifdef  __cplusplus  }  #endiff Index: crypto/asn1/asn1_lib.csC ===================================================================09 RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v> retrieving revision 1.19.2.1 diff -u -r1.19.2.1 asn1_lib.c 7 --- crypto/asn1/asn1_lib.c	2001/03/30 13:42:32	1.19.2.1s. +++ crypto/asn1/asn1_lib.c	2002/07/30 09:14:17 @@ -124,15 +124,13 @@-  		(int)(omax+ *pp));-  s  #endifs -#if 0" -	if ((p+ *plength) > (omax+ *pp))$ +	if (*plength > (omax - (*pp - p)))  		{3  		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);i9  		/* Set this so that even if things are not long enough	%  		 * the values are set correctly */ 
  		ret|=0x80;X  		} -#endif	  	*pp=p;  	return(ret|inf);  err:Y @@ -159,6 +157,8 @@P  		i= *p&0x7f;  		if (*(p++) & 0x80)u  			{z +			if (i > sizeof(long))  +				return 0;  			if (max-- == 0) return(0);  			while (i-- > 0)   				{ @@ -170,6 +170,8 @@	  		elsee
  			ret=i;  		} +	if (ret < 0) +		return 0;  	*pp=p;
  	*rl=ret;  	return(1); @@ -407,7 +409,7 @@	  c8  void asn1_add_error(unsigned char *address, int offset)  	{t -	char buf1[16],buf2[16];gB +	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];  o-  	sprintf(buf1,"%lu",(unsigned long)address);T  	sprintf(buf2,"%d",offset); Index: crypto/conf/conf_def.c	C ===================================================================.9 RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v= retrieving revision 1.3= diff -u -r1.3 conf_def.c2 --- crypto/conf/conf_def.c	2000/06/06 15:21:12	1.3. +++ crypto/conf/conf_def.c	2002/07/30 09:14:18 @@ -67,6 +67,7 @@   #include "conf_def.h"  #include <openssl/buffer.h>  #include <openssl/err.h>  +#include "cryptlib.h"  e*  static char *eat_ws(CONF *conf, char *p);5  static char *eat_alpha_numeric(CONF *conf, char *p);T @@ -180,12 +181,12 @@S5  static int def_load(CONF *conf, BIO *in, long *line)	  	{c  #define BUFSIZE	512 -	char btmp[16];  	int bufnum=0,i,ii;  	BUF_MEM *buff=NULL;   	char *s,*p,*end;  	int again,n;  	long eline=0; # +	char btmp[DECIMAL_SIZE(eline)+1];N  	CONF_VALUE *v=NULL,*tv;   	CONF_VALUE *sv=NULL;  	char *section=NULL,*buf; Index: crypto/objects/obj_dat.cOC ===================================================================e; RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,vR retrieving revision 1.16.2.2 diff -u -r1.16.2.2 obj_dat.c9 --- crypto/objects/obj_dat.c	2002/04/18 11:52:28	1.16.2.2=0 +++ crypto/objects/obj_dat.c	2002/07/30 09:14:19 @@ -428,7 +428,7 @@g  	unsigned long l;  	unsigned char *p;_  	const char *s; -	char tbuf[32];/ +	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];   5  	if (buf_len <= 0) return(0);    Index: ssl/s2_clnt.cC =================================================================== 0 RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v retrieving revision 1.27.2.4 diff -u -r1.27.2.4 s2_clnt.c. --- ssl/s2_clnt.c	2001/11/10 10:43:51	1.27.2.4% +++ ssl/s2_clnt.c	2002/07/30 09:14:25y @@ -116,6 +116,7 @@a  #include <openssl/buffer.h>  #include <openssl/objects.h>G  #include <openssl/evp.h>= +#include "cryptlib.h"  =4  static SSL_METHOD *ssl2_get_client_method(int ver);(  static int get_server_finished(SSL *s); @@ -517,6 +518,7 @@i  		}  		12  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);5  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);=  	return(1);  	}= @@ -618,6 +620,7 @@=  		/* make key_arg data */  		i=EVP_CIPHER_iv_length(c);   		sess->key_arg_length=i;$ +		die(i <= SSL_MAX_KEY_ARG_LENGTH);1  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);i  o  		/* make a master key */ @@ -625,6 +628,7 @@i  		sess->master_key_length=i;t
  		if (i > 0)n  			{t& +			die(i <= sizeof sess->master_key);,  			if (RAND_bytes(sess->master_key,i) <= 0)  				{2  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -668,6 +672,7 @@A
  		d+=enc;  		karg=sess->key_arg_length;	"  		s2n(karg,p); /* key arg size */% +		die(karg <= sizeof sess->key_arg);S.  		memcpy(d,sess->key_arg,(unsigned int)karg);  		d+=karg;5  C @@ -688,6 +693,7 @@   		{(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_CLIENT_FINISHED;7 +		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);S@  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);  T+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;r @@ -944,6 +950,8 @@a  		{4  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))  			{s% +			die(s->session->session_id_lengthI* +			    <= sizeof s->session->session_id);*  			if (memcmp(buf,s->session->session_id,7  				(unsigned int)s->session->session_id_length) != 0)_  				{ Index: ssl/s2_lib.c C ==================================================================="/ RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,vs retrieving revision 1.29.2.2 diff -u -r1.29.2.2 s2_lib.c=- --- ssl/s2_lib.c	2000/12/26 12:06:47	1.29.2.2l$ +++ ssl/s2_lib.c	2002/07/30 09:14:25 @@ -62,6 +62,7 @@.  #include <openssl/rsa.h>_  #include <openssl/objects.h>u  #include <openssl/md5.h>7 +#include "cryptlib.h"  7)  static long ssl2_default_timeout(void );d<  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -425,10 +426,14 @@S  #endifN  s  	km=s->s2->key_material;SA + 	die(s->s2->key_material_length <= sizeof s->s2->key_material);S?  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)	  		{  		MD5_Init(&ctx);  t* + 		die(s->session->master_key_length >= 0( + 		    && s->session->master_key_length) + 		    < sizeof s->session->master_key);sI  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);_  		MD5_Update(&ctx,&c,1);_  		c++;_ @@ -463,6 +468,7 @@S  /*	state=s->rwstate;*/   	error=s->error;p
  	s->error=0;o  +	die(error >= 0 && error <= 3);(  	i=ssl2_write(s,&(buf[3-error]),error);(  /*	if (i == error) s->rwstate=state; */    Index: ssl/s2_srvr.cC ===================================================================-0 RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v retrieving revision 1.25.2.5 diff -u -r1.25.2.5 s2_srvr.c. --- ssl/s2_srvr.c	2001/11/14 21:19:47	1.25.2.5% +++ ssl/s2_srvr.c	2002/07/30 09:14:26s @@ -116,6 +116,7 @@3  #include <openssl/rand.h>  #include <openssl/objects.h>0  #include <openssl/evp.h>t +#include "cryptlib.h"  e4  static SSL_METHOD *ssl2_get_server_method(int ver);*  static int get_client_master_key(SSL *s); @@ -417,11 +418,18 @@n   		n2s(p,i); s->s2->tmp.clear=i;  		n2s(p,i); s->s2->tmp.enc=i;*  		n2s(p,i); s->session->key_arg_length=i;: +		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) +			{o' +			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,s  +				   SSL_R_KEY_ARG_TOO_LONG); +			return -1; +			}e,  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;  		}  .'  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */r'  	p=(unsigned char *)s->init_buf->data;PC +	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);8"  	keya=s->session->key_arg_length;c  	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;s1  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER). @@ -502,6 +510,7 @@e  #endifo  P%  	if (is_export) i+=s->s2->tmp.clear;<& +	die(i <= SSL_MAX_MASTER_KEY_LENGTH);"  	s->session->master_key_length=i;3  	memcpy(s->session->master_key,p,(unsigned int)i);o  	return(1); @@ -649,6 +658,7 @@,"  	p+=s->s2->tmp.session_id_length;     	/* challenge */g: +	die(s->s2->challenge_length <= sizeof s->s2->challenge);C  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);   	return(1);	  mem_err:. @@ -800,6 +810,7 @@.  		}  3%  	/* SSL2_ST_GET_CLIENT_FINISHED_B */c6 +	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);1  	len = 1 + (unsigned long)s->s2->conn_id_length;0  	n = (int)len - s->init_num;,/  	i = ssl2_read(s,(char *)&(p[s->init_num]),n);e @@ -825,6 +836,7 @@r  		{(  		p=(unsigned char *)s->init_buf->data;   		*(p++)=SSL2_MT_SERVER_VERIFY;; +		die(s->s2->challenge_length <= sizeof s->s2->challenge); D  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);$  		/* p+=s->s2->challenge_length; */  f @@ -844,6 +856,8 @@u(  		p=(unsigned char *)s->init_buf->data;"  		*(p++)=SSL2_MT_SERVER_FINISHED;  p$ +		die(s->session->session_id_length) +		    <= sizeof s->session->session_id);e#  		memcpy(p,s->session->session_id, 1  			(unsigned int)s->session->session_id_length); *  		/* p+=s->session->session_id_length; */ Index: ssl/s3_clnt.cC ===================================================================a0 RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.31.2.6 diff -u -r1.31.2.6 s3_clnt.c. --- ssl/s3_clnt.c	2002/01/14 23:42:35	1.31.2.6% +++ ssl/s3_clnt.c	2002/07/30 09:14:27a @@ -117,6 +117,7 @@   #include <openssl/sha.h>   #include <openssl/evp.h>n  #include "ssl_locl.h" +#include "cryptlib.h"  s4  static SSL_METHOD *ssl3_get_client_method(int ver);&  static int ssl3_client_hello(SSL *s); @@ -545,6 +546,7 @@s  		*(p++)=i;  		if (i != 0)  			{e, +			die(i <= sizeof s->session->session_id);'  			memcpy(p,s->session->session_id,i);T	  			p+=i;b  			}a @@ -625,6 +627,14 @@  o  	/* get the session-id */  	j= *(p++); +:- +       if(j > sizeof s->session->session_id)n +               {l, +               al=SSL_AD_ILLEGAL_PARAMETER;3 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,u7 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);o +               goto f_err;s +               }   S.  	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))  		{ Index: ssl/s3_srvr.cC ===================================================================e0 RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.49.2.14s diff -u -r1.49.2.14 s3_srvr.cs/ --- ssl/s3_srvr.c	2002/04/13 22:49:26	1.49.2.14o% +++ ssl/s3_srvr.c	2002/07/30 09:14:28n @@ -122,6 +122,7 @@i  #include <openssl/evp.h>   #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"  r4  static SSL_METHOD *ssl3_get_server_method(int ver);*  static int ssl3_get_client_hello(SSL *s); @@ -948,6 +949,7 @@-$  			s->session->session_id_length=0;   $  		sl=s->session->session_id_length;, +		die(sl <= sizeof s->session->session_id);
  		*(p++)=sl;T'  		memcpy(p,s->session->session_id,sl);v	  		p+=sl;s Index: ssl/ssl.hC ===================================================================b, RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v retrieving revision 1.85.2.12d diff -u -r1.85.2.12 ssl.hr+ --- ssl/ssl.h	2002/01/14 23:42:42	1.85.2.12p! +++ ssl/ssl.h	2002/07/30 09:14:29  @@ -1478,6 +1478,7 @@ &  #define SSL_R_INVALID_COMMAND				 280&  #define SSL_R_INVALID_PURPOSE				 278$  #define SSL_R_INVALID_TRUST				 279( +#define SSL_R_KEY_ARG_TOO_LONG				 1112&  #define SSL_R_LENGTH_MISMATCH				 159'  #define SSL_R_LENGTH_TOO_SHORT				 160r"  #define SSL_R_LIBRARY_BUG				 274 @@ -1546,6 +1547,7 @@o!  #define SSL_R_SHORT_READ				 219e9  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220 1  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221e/ +#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113s/  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222u1  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042s0  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020 Index: ssl/ssl_asn1.c5C ===================================================================p1 RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v0 retrieving revision 1.8  diff -u -r1.8 ssl_asn1.c* --- ssl/ssl_asn1.c	2000/06/01 22:19:19	1.8& +++ ssl/ssl_asn1.c	2002/07/30 09:14:29 @@ -62,6 +62,7 @@n  #include <openssl/objects.h>y  #include <openssl/x509.h>  #include "ssl_locl.h" +#include "cryptlib.h"   #  typedef struct ssl_session_asn1_std  	{e @@ -275,6 +276,7 @@i  		os.length=i;=   #  	ret->session_id_length=os.length; + +	die(os.length <= sizeof ret->session_id);i,  	memcpy(ret->session_id,os.data,os.length);  V,  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); Index: ssl/ssl_err.cC ===================================================================-0 RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v retrieving revision 1.28.2.6 diff -u -r1.28.2.6 ssl_err.c. --- ssl/ssl_err.c	2001/11/10 01:15:29	1.28.2.6% +++ ssl/ssl_err.c	2002/07/30 09:14:30o @@ -1,6 +1,6 @@-  /* ssl/ssl_err.c */H  /* ====================================================================A - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.dF + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.   *iF   * Redistribution and use in source and binary forms, with or withoutF   * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@i>  {SSL_R_INVALID_COMMAND                   ,"invalid command"},>  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},<  {SSL_R_INVALID_TRUST                     ,"invalid trust"},? +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},y>  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},?  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},o:  {SSL_R_LIBRARY_BUG                       ,"library bug"}, @@ -343,6 +344,7 @@i9  {SSL_R_SHORT_READ                        ,"short read"}, W  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},9K  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},aG +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},=H  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},J  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},I  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},2 Index: ssl/ssl_sess.c,C ===================================================================s1 RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,vs retrieving revision 1.30.2.2 diff -u -r1.30.2.2 ssl_sess.cD/ --- ssl/ssl_sess.c	2002/02/10 12:52:57	1.30.2.2r& +++ ssl/ssl_sess.c	2002/07/30 09:14:30 @@ -60,6 +60,7 @@-  #include <openssl/lhash.h>i  #include <openssl/rand.h>  #include "ssl_locl.h" +#include "cryptlib.h"  fC  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); ?  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);2 @@ -199,6 +200,7 @@H  		ss->session_id_length=0;.  		}  a/ +	die(s->sid_ctx_length <= sizeof ss->sid_ctx);f3  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); '  	ss->sid_ctx_length=s->sid_ctx_length;u  	s->session=ss;    ( --------------040505000403060304090101--  F ______________________________________________________________________F OpenSSL Project                                 http://www.openssl.orgF Development Mailing List                       openssl-dev@openssl.orgF Automated List Manager                           majordomo@openssl.org    / ----Next_Part(Tue_Jul_30_16:43:04_2002_639)----e   ------------------------------  % Date: Tue, 30 Jul 2002 10:42:19 -0500r+ From: Chuck Aaron <caaron@ceris.purdue.edu>  Subject: Ideas:A0 Message-ID: <3D46B3DB.31CC38D7@ceris.purdue.edu>   Group,  F I am running vms 7.2-2 with perl 5.6.0 and OSU web server 3.9b. We useE CGI/Perl as a bulletin board. Recently, while trying to access one of=C the items on the site, only sporadically, we will get "The documentp? contained no data, Try again later message.". This problem justiE started recently after an upgrade to tcpip 5.1 eco 4 but nothing elsey has changed.  D Any ideas on what might be causing this error to occur sporadically?B It can occur on any page or listing while trying to access or back out.   Thanks,d Chuck(   ------------------------------  % Date: Tue, 30 Jul 2002 09:39:28 +0200e9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>b Subject: Re: Invoking db' Message-ID: <3D4642B0.408B8219@aaa.com>=  5 Please provede tools, command and so on that you use.v' What do you mean by "invoking the db" ?   What is "the rest" that are OK ?   Jan-Erik Sderholm.	   A Bonaveidogo wrote: >  > Hi All > @ > I'm runnning Oracle Rdb V7.0-5, Gembase 5.6-3 on OpenVMS 7.2-2 > J > The problem I'm facing is I can't invoke a database from a remote node.. > $ > eg.  database is sitting on Node AG > I login on Node B and invoke the database from the node B.. The errori > message is >  > ) >  %RDB-F-IO_ERROR, input or output errorn > 7 > This happen on one database only... the rest are ok..e >  > your help will be appreciated_ >  > AB   ------------------------------    Date: 30 Jul 2002 02:48:16 -0700% From: Alan Greig <a.greig@virgin.net>=4 Subject: Re: Itanic2 - the cHumPaq spin continues...) Message-ID: <ai5nd0022vk@drn.newsguy.com>>  @ In article <H0e19.16$oy2.609326@news.cpqcorp.net>, "Fred says... >p >a >.  Was that honest? >> >4M >No.  I don't think it was honest, nor do I condone it.  Even if whoever that,H >manager is (and you don't include the name, so I don't know who it was)  P The person involved was billed to talk about the future of Alpha as a prelude toJ another presentation. The handouts gave some info on both EV7 and EV8. TheJ speaker later told me he felt terrible about saying what he did but had heO entirely ignored EV8 he was sure there would have been questions from the floor79 as to why. And he wasn't sure how he would handle that...)  L It really boiled down to him either mouthing "fully funded" for the next few: weeks or resigning. And he apparently he did consider that  H >doesn't like that opinion.  It is one thing to make a statement such asJ >that, when you do not know it to be false.  It is quite another to make a  N To be honest I think Rich Marcello (so you know it isn't him) suggested that IK be given the "right info" (we were looking at an Alpha/SAP/Tru64 multi ES40"O solution - now ruled out btw) but the one-to-one never happened for another few=I weeks. Possibly someone worked out (probably correctly) that I would haveoO serious difficulty morally holding onto pre-knowledge of the Alpha announcementc9 under NDA given the public protestations to the contrary.f  J >truly false statement.  He would have been better off to have avoided theI >question entirely, or indicated that he could not give details about EV8  >futures at that time.  P He was put in an almost impossible situation for a few weeks. But I won't narrowI his identity down any further. I'll name him in private email if you wish N though. Had he said he couldn't say anything about EV8 he had the problem thatM another speaker was to give some info but he couldn't tell that other speakerE not to or...   >]I >I stood up at a meeting in DC several months before the announcement andLJ >made the same type of declaration - "VMS will never be ported", and AlphaK >forever.  I was acting on the best information I had at the time - even ifbK >some executives someplace else had already made the decision otherwise.  IcL >would never have made that statement, had I known - even in confidence - of >the change.  O As you say he could have tried to ignore EV8 completely or sidestepped it but I N think he was following an agreed line when he said "fully funded". I am fairlyM sure Capellas and Winkler had used the term "fully funded" to refer to EV8 in= the few months prior.=   ------------------------------  % Date: Tue, 30 Jul 2002 12:32:28 +0100lU From: Andrew Harrison SUNUK Consultancy <andrew_nospam.harrison_remove_this@sun#.com>04 Subject: Re: Itanic2 - the cHumPaq spin continues...0 Message-ID: <ai5tgi$ddm$1@new-usenet.uk.sun.com>   Main, Kerry wrote:   > Fred,l >  > ; >>>>While the x86-64 strategy might interest Microsoft, <<<  >>>> > F > A more interesting question might be "who will do the actual porting9 > work to support a non-Intel platform with MS software?"n >      Why do you need a port ?  7 Granted there a some apps that can make use of a 64 bit;9 processor to their advantage, but the majority don't need	 it.n  ; Hammer will apparently run IA-32 applications very quickly,	< it is compatible with IA-32 so developers need to test their; app (assuming they are concerned, many don't bother for they8 current AMD processors) no port required unless you need 64 bit support.i  9 And then you are in a better shape than IA-64 because the	9 ISV's need to do less work to get a good high performance-; port. IA-64 with its dependency on techniques like feedbackE: directed optimisation places a greater workload on the ISV- if a high performance port is to be acheived.y  < Some ISV's don't bother kicking in any form of optimisation,7 it takes longer to compile and you have to add 10 or so@9 additional characters to a makefile (way to much effort).-  : Expecting them to do this and find a representative set of: data for the app for feedback purposes is expecting a lot.    H > If previous experience is any indication (MIPS, PowerPC and Alpha), itH > is the HW vendor that will have to incur not only the software portingC > (e.g. 64bit stuff) expenses of any new full and point releases oftJ > NT/W2K, but also its ongoing support while OS and other related softwareC > revenues go to MS. That vendor will also likely have to pay MS to0/ > officially support products like Office etc. = > J > Note - while it might run ok in 32bit mode, "official support" is likelyD > going to be another matter as that is what large companies will be	 > asking.= >     D You seem to be infering that 32bit mode is somehow abnormal and that> people should be concerned if an app only runs in 32 bit mode.  > This isn't the case, and in practice large companies are going: to be overjoyed to discover that 32 bit apps will run well: on the x86-64 because it will mean that they are not faced< with the need to gratuitously churn all their software stack> to get access to one or two components that might benefit from being 64 bit aware.   = What is remarkable about the IA-64 proposition is that anyone5% would consider it in the first place.a  > HP-PA, Power, SPARC, MIPS all started as 32 bit processors and? then moved to 64 bit while providing mixed 32/64 bit support soe< that companies didn't need to change their entire stack. Nor< did people experience significant performance issues running 32 bit apps on 64 bit systems.  9 HP, Sun, IBM and SGI all did it this way because it makesw8 much more sense than in effect introducing a new ISA and8 breaking all the apps running on the old one. Sense both( from a vendor and a customer standpoint.  ? Intel and HP didn't dare introduce a processor that broke IA-32e= compatibility, IA-32 emulation which was their solution is so2? slow however that there is little likelyhood of people using it08 in anger, forcing a IA-64 port for the entire ISV stack.  > It will be interesting to see how IA-64 pans out. I think that< Hammer will kill it, hence Intels attempts to fatally weaken Hammer before it comes out.   < Intel need to be carefull however, they could drive AMD into= the arms of someone like IBM with dire concequences for theirs own future.s   Regardsg Andrew Harrison(    H > Granted, perhaps MS will adopt another model going forward than it has2 > in the past, but these are certainly big issues. > 	 > Regardsu >  > Kerry Main > Senior Consultant_ > Hewlett-Packard Canada# > Consulting & Integration ServicesK > Voice: 613-592-4660  > Fax   : 613-591-4477 > Email: Kerry.Main@hp.com >  >  > -----Original Message-----= > From: Fred Kleinsorge [mailto:kleinsorge@star.zko.dec.com] n > Sent: July 29, 2002 12:16 PM > To: Info-VAX@Mvb.Saic.Comn6 > Subject: Re: Itanic2 - the cHumPaq spin continues... >  > C > David J. Dachtera wrote in message <3D44B132.C7A5DD5A@fsi.net>...- >  >>Fred Kleinsorge wrote: >>	 >>>[snip]EF >>>Compaq (RIP) could have decided to continue to invest in EV8, while >>>, > behind > < >>>the scenes planning to move to Itanium and abandon Alpha. >>>dF >>That would have more closely paralleled the VAX to Alpha transition D >>and, IMHO, would have been the better, more profitable course. It ? >>likely would not have met Carly's demands, this I understand.@ >> >> > F > I don't really agree here.  Once Alpha development truly kicked off,G > only the VAX chip and platform work still in progress and minor knockhH > offs continued.  VAX sales continued to decline.  The same type of FUD@ > was used against moving to Alpha.  A year ago the decision wasI > announced.  Alpha chip and platform development continues, just not neweJ > architectural development. Those Alpha platforms will be available for aG > while, just like VAXes were. And I suspect that if there are business@B > reasons, they will spin additional knockoff EV7 and EV6 systems. > I > While you want to draw Carly into this as a conspiritor - Mike Capellas<G > was the CEO who made the decision.  Just as Bob Palmer made decisions D > that you would want to attribute to Bill Gates.  Some people stillG > believe that aliens landed at Roswell too, and that the pyramids were=E > built by aliens. But even if HP was somehow part of the motivation,e> > which I do not agree with, it still makes little difference. >  >  >>>IMHO they did the >>>more honest thing.3 >>>1I >>An old saying has it, "The road to hell is paved with good intentions".d >> > E >>In this case, tact may have been the more beneficial approach, for dI >>OVMS, the customer base and ultimately the Q and their successors (HP, s >>...).  >> >> > B > Can you allow room for disagreement?  You may not agree with theC > approach, but can you agree that reasonable people could take the>G > approach without conspiracies, bad intentions, or incompetence?  Many	B > customers who I have talked to, or heard the feedback from - areF > satisfied with what we are doing, where we are heading, and were not > offended.E >  > F >>>They told people of their decision as soon as they had reached the % >>>agreements needed to move to IA64.  >>> B >>I'd still assert that the matter was mishandled. When Alpha was I >>announced, VAX wasn't "killed" outright. I understand the circumstances= >> > H >>were different. The damage done this time may be irreversible, unless C >>there is a major marketing push to raise VMS's visibility in the s
 >>mainstream./ >> >> > G > But it was for all intents and purposes killed in the same way.  Chip-I > and platform work wound down.  Minor platform work was done to keep VAX#D > customers in hardware.  But no new major work was done on VAX (andF > certainly no new architectural work) after the Alpha work started inH > earnest.  If there was a difference at all, it is that we are startingF > with an existing chip, and platforms - and don't have the extra slopE > time we had then to do the SW development as the HW development was=
 > being done.l >  >  >>>They gave Alpha users a >>>transitional roadmap. >>>=B >>...after having previously given roadmaps, assurances, and yes, F >>commitments to the Alpha customer base about the future of Alpha. I B >>believe the phrase, "Bet Your Business" was used more than once. >> >> > I > Situations change.  What was the right decision yesterday, isn't always	J > right today.  It's not clear to me given how big the change was, and theH > negotiations that were taking place - how the decision could have beenE > communicated that would have made everyone happy.  We use "Bet your7H > business: when we talk about VMS - it doesn't matter what the hardwareG > platform is.  The HW isn't important as long as it is fast enough for ) > your needs, and priced for your budget.N >  >  >>>They didn't cancel VMS. >>>DI >>...yet. Unless something happens on IPF, and damned fast, the o.s. withe >> > I >>no hardware platform will simply evaporate. Everyone from Carly on down= >> > 7 >>better get *REAL* clear on that! ...*REAL* damn fast!  >> >> > F > You are listening to the people who have an axe to grind predict theF > doom of a real chip, with real numbers, that you can purchase today,H > that is competetive in the 64-bit space with Sun.  Against a chip thatE > has yet to deliver, yet to find a system vendor to build enterprise.I > systems, and from a company that is and will continue to be battered on	< > the front where it makes it's real money - the IA32 space. > I > The Optitron (or whatever Hammer is now called) is likely - if it shipseG > on time and with performance near the estimated performance - to be aeJ > IA32 competetor, but how much penetration it makes into the 64-bit spaceI > has yet to be seen - perhaps if Sun ditches Sparc for Hammer...  maybe.2I > Given Intels IA32 performance, it's also a question if Hammer will live8J > up to it's hype on IA32 performance.  How much trouble AMD will be in byH > next year, given Intels performance and pricing of IA32 is also a good > question.  > J > But Itanium-2 is here *today*.  It has the *infrastructure* work done toJ > support enterprise systems, while x86-64 will probably start out life asB > a BIOS based PC clone.  While the x86-64 strategy might interestH > Microsoft, will the IA32 emulation performance drive the Linux or UNIX	 > market?{ > G > Do customers running applications on VMS or UNIX care about it's IA32_J > performance?  Do they care about the ISA (EPIC versus x86-64)?  Yes, theG > WINDOWS people do.  But Linux is the fastest growing OS in the server 	 > market.  >  > E >>>The only regret I have is that we didn't start the port to IA64 a {
 >>>year or >>>S > so > G >>>earlier... because we could be selling VMS on those < $5k Itanium 2   >>>workstations today. >>>,I >>You could be selling VMS on everything from <$600 desktops to <$15,000 {G >>enterprise servers now, if you get right down to it ... oh, yeah - I r= >>forgot - I'm the only one who understands that. Oh, well...  >>I >>These are *MY* opinions and it is not likely that I will be swayed any sH >>more than you, Bill, or anyone else. So, let's just agree to disagree. >>H >>You're an intelligent man and a remarkable engineer. I was not gifted I >>with high, measurable intelligence, but I get along as best I can in a  & >>world that I must struggle to grasp. >>H >>We are different, and our opinions are different. That's part of what F >>life is all about. So, let's accept our differences and move on, 'K? >> >> > J > I'm with you on this.  Lets agree to disagree and move forward.  We playE > the hand we have, and try to do the best with it.  Try to influenceoD > *future* plans and events, and not endlessly replay the what-if's. > G > Heck, if *I* could go back in time and changed things, DEC would have,E > purchased/merged with Apple in the early 80's.  We would never haveSI > built the Pro300, or the Rainbow.  I would convince Ken how to tell the H > good guys around him from the bad guys.  I would have made some subtleI > changes in the original VAX ISA that would have made it easier to build-I > faster VAXes.  And would have made damn sure that Dave Cutler didn't go_I > to MS, and that we were not afraid to canabalize the VMS base to get to  > the "next generation" of VMSH > *and* UNIX without the VAX baggage.  I would have dropped the price ofI > the VS2000 to just barely make a profit, and VMS prices for the low-endoH > so low that Sun would have been stillborn in the technical workstationE > space.  I would have let the $4b+ cash on hand carry us through the @ > rough times, and not laid off, crippled, and decorporated DEC. >  >  >  >  >    ------------------------------  # Date: Tue, 30 Jul 2002 14:01:11 GMT51 From: "Terry C. Shannon" <terryshannon@attbi.com> 4 Subject: Re: Itanic2 - the cHumPaq spin continues.../ Message-ID: <H_w19.185084$Wt3.137349@rwcrnsc53>w  # "Andrew Harrison SUNUK Consultancy"t> <andrew_nospam.harrison_remove_this@sun#.com> wrote in message* news:ai5tgi$ddm$1@new-usenet.uk.sun.com...  
 Hi Andrew,  H I seem to recall that Sun backed off IPF about three years ago. Does the6 firm have a Hammer strategy (and if so, is it public)?   Thanks,s   terry su   ------------------------------  % Date: Tue, 30 Jul 2002 15:27:56 +0100uU From: Andrew Harrison SUNUK Consultancy <andrew_nospam.harrison_remove_this@sun#.com>j4 Subject: Re: Itanic2 - the cHumPaq spin continues...0 Message-ID: <ai67pj$glr$1@new-usenet.uk.sun.com>   Terry C. Shannon wrote:o  % > "Andrew Harrison SUNUK Consultancy"t@ > <andrew_nospam.harrison_remove_this@sun#.com> wrote in message, > news:ai5tgi$ddm$1@new-usenet.uk.sun.com... >  > Hi Andrew, > J > I seem to recall that Sun backed off IPF about three years ago. Does the8 > firm have a Hammer strategy (and if so, is it public)? >     0 Was it only three years ago, it seems longer :).  < Sun does have a range of Lintel servers called the SunCobalt9 servers. Currently they use Intel CPU's, they have in thes6 past used AMD and I have no doubt that we will look at9 AMD again with Hammer and ClawHammer (or whatever the lowa power CPU is called).6  8 These servers are designed as rack optimised Linux units/ though we also do a Linux Cube desktop as well.-  5 1U and IA-64 probably isn't a good mix, nor does this65 kind of device really benefit from having a 64 bit OS.9 but I would think that Hammer could be a good compromise.s  6 People in this group have speculated about x86-64 as a4 possible replacement for SPARC. I think that this is% unlikely in the short to medium term.l  7 If Hammer kills IA-64 then HP's computing division wille6 be in horrible shape. If this happens Sun and IBM will8 have huge fun dismembering the remains and paradoxically8 this may reduce any immediate pressure on either company to adopt x86-64.  = In the small-medium sized server space Dell who are currentlyr: unwilling to commit to IA-64 would be well placed to steal8 much of HP's Wintel Market share with IBM and Sun taking the Enterprise server chunk.  8 Dell being a computer reseller can wait longer than most: before deciding on their CPU strategy and this is probably a good thing for them.  8 I think that IA-64 has turned from being a dead cert for6 HP to one of the bigger technology gambles in the last9 10-20 years, the sucess or otherwise of IA-64 sits almostu6 exclusively on HP's shoulders with the next 6-9 months being absolutely crucial.   6 One thing that the IA-64 Choir like Rob have missed is7 that Intel in their attempts to make AMD suffer if thaty8 is in fact what they are doing are making life much much2 harder for HP. Ramp up the IA-32 performance a few5 more notches and those 1-4 CPU IA-64 based boxes thatt1 will essentially be running Win2000 or linux looki even more uncompetitive.     Regards  Andrew Harrisonr   ------------------------------  % Date: Tue, 30 Jul 2002 08:06:06 -0700w& From: Greg Cagle <gregc@gregcagle.com>4 Subject: Re: Itanic2 - the cHumPaq spin continues..., Message-ID: <3D46AB5E.8020506@gregcagle.com>  ( Andrew Harrison SUNUK Consultancy wrote: >  >  > Terry C. Shannon wrote:  > & >> "Andrew Harrison SUNUK Consultancy"A >> <andrew_nospam.harrison_remove_this@sun#.com> wrote in messageo- >> news:ai5tgi$ddm$1@new-usenet.uk.sun.com...f >>
 >> Hi Andrew,  >>K >> I seem to recall that Sun backed off IPF about three years ago. Does the 9 >> firm have a Hammer strategy (and if so, is it public)?s >> >  > 2 > Was it only three years ago, it seems longer :). > > > Sun does have a range of Lintel servers called the SunCobalt; > servers. Currently they use Intel CPU's, they have in thet8 > past used AMD and I have no doubt that we will look at; > AMD again with Hammer and ClawHammer (or whatever the lowl > power CPU is called).t   Hamster! 8^)   -- t
 Greg Cagle gregc at gregcagle dot com   ------------------------------  % Date: Tue, 30 Jul 2002 09:26:18 -05000+ From: Chuck Aaron <caaron@ceris.purdue.edu>a! Subject: Re: Locked Tape$c deviceu/ Message-ID: <3D46A20A.232AB6E@ceris.purdue.edu>    Jan,  C Tells me device already allocated to another user when I tried thisr command.   Any other ideas?   Chuck    Jan-Erik Sderholm wrote:t >  > $ DISMOUNT /ABORT TAPE$C ? >  > Jan-Erik Sderholm.h >  > Chuck Aaron wrote: > >r
 > > Group, > >u@ > > %SYSTEM-W-DEVALLOC, device already allocated to another user > >  > > Any thoughts?  > > 	 > > Chuck    ------------------------------  % Date: Tue, 30 Jul 2002 09:15:43 -0500i+ From: Chuck Aaron <caaron@ceris.purdue.edu>y Subject: Locked Tape$c devicei0 Message-ID: <3D469F8F.138C9F2C@ceris.purdue.edu>   Group,  3 My batch job terminated with the following message:b< %SYSTEM-F-FORCEDEXIT, forced exit of image or process by job
 controller  F It shows the job still running with the tape in the slot and wonder ifB there is a way to reset the tape$c drive. I have tried to dismount tape$c and it tells me:e  < %SYSTEM-W-DEVALLOC, device already allocated to another user  ? I checked the system and there is a process running that I havec stopped   7 Copy    _TNA6:        00000149  TNA6:    (disconnected)o  2 but it remains disconnected and is not going away.  
 Any thoughts?l   Chuckr   ------------------------------  % Date: Tue, 30 Jul 2002 16:25:10 +0200d9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>p! Subject: Re: Locked Tape$c devicep' Message-ID: <3D46A1C6.C4C10D84@aaa.com>S   $ DISMOUNT /ABORT TAPE$C ?   Jan-Erik Sderholm.l   Chuck Aaron wrote: >  > Group, > > > %SYSTEM-W-DEVALLOC, device already allocated to another user >  > Any thoughts?  >  > Chucko   ------------------------------  % Date: Tue, 30 Jul 2002 16:50:32 +0200a9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>s! Subject: Re: Locked Tape$c device ' Message-ID: <3D46A7B8.B68382A6@aaa.com>i   I supose you have priv's ?+ VOLPRO and/or SHARE may be needed dependingi on how the volume was mounted.. Maybe try the /OVERRIDE=CHECKS switch to DISM.  & Either then that, no, no more ideas...  	 Jan-Erik.    Chuck Aaron wrote: >  > Jan, > E > Tells me device already allocated to another user when I tried thisg
 > command. >  > Any other ideas? >  > Chucks >l   ------------------------------    Date: 30 Jul 2002 11:55:26 -0600- From: koehler@encompasserve.org (Bob Koehler) ! Subject: Re: Locked Tape$c devicee3 Message-ID: <W1oGWc7KgxHI@eisner.encompasserve.org>b  ^ In article <3D469F8F.138C9F2C@ceris.purdue.edu>, Chuck Aaron <caaron@ceris.purdue.edu> writes: > Group, > 5 > My batch job terminated with the following message: > > %SYSTEM-F-FORCEDEXIT, forced exit of image or process by job > controller > H > It shows the job still running with the tape in the slot and wonder ifD > there is a way to reset the tape$c drive. I have tried to dismount > tape$c and it tells me:a > > > %SYSTEM-W-DEVALLOC, device already allocated to another user > A > I checked the system and there is a process running that I havee	 > stoppede > 9 > Copy    _TNA6:        00000149  TNA6:    (disconnected)  >   D    It's probably OK by now.  Lot's of times the process can't finishG    running down until the I/O completes or aborts.  In the case of sometG    tape controllers the timeout is justifiably long, but eventually theeF    I/O will either complete or timeout.  Then the process can run down#    and the tape drive becomes free.n  B    Often a prvileged user can convince the system to abort the I/OA    via dismount/abort.  Since that didn't work for you either yourB    don't have sufficient privilege, or the tape is in a state that"    can't be aborted by the driver.   ------------------------------  % Date: Tue, 30 Jul 2002 12:04:47 -0500 + From: Chuck Aaron <caaron@ceris.purdue.edu>s! Subject: Re: Locked Tape$c devicea0 Message-ID: <3D46C72F.552B7204@ceris.purdue.edu>   Bob,  6 Thank you for your reply.  The tape is in a state that5 can't be aborted by the driver. Looks like a shutdown  and boot to me.    Thanks to all, Chuckd   Bob Koehler wrote: > ` > In article <3D469F8F.138C9F2C@ceris.purdue.edu>, Chuck Aaron <caaron@ceris.purdue.edu> writes:
 > > Group, > >e7 > > My batch job terminated with the following message:r@ > > %SYSTEM-F-FORCEDEXIT, forced exit of image or process by job > > controller > >nJ > > It shows the job still running with the tape in the slot and wonder ifF > > there is a way to reset the tape$c drive. I have tried to dismount > > tape$c and it tells me:d > > @ > > %SYSTEM-W-DEVALLOC, device already allocated to another user > >dC > > I checked the system and there is a process running that I havet > > stoppedl > >e; > > Copy    _TNA6:        00000149  TNA6:    (disconnected)e > >. > F >    It's probably OK by now.  Lot's of times the process can't finishI >    running down until the I/O completes or aborts.  In the case of someiI >    tape controllers the timeout is justifiably long, but eventually the H >    I/O will either complete or timeout.  Then the process can run down% >    and the tape drive becomes free.t > D >    Often a prvileged user can convince the system to abort the I/OC >    via dismount/abort.  Since that didn't work for you either you D >    don't have sufficient privilege, or the tape is in a state that$ >    can't be aborted by the driver.   ------------------------------  % Date: Tue, 30 Jul 2002 16:28:44 +0200 & From: Michael Joosten <joost@c-lab.de>' Subject: Re: Low-level format SCSI diskt$ Message-ID: <3D46A29C.5656@c-lab.de>   Soterro wrote: >  > Hello, > H > I have a dual-boot Digital Personal Workstation 600au with OpenVMS and > Tru64.E > I got some ex-AS/400 hard-disks formatted with the 520-bytes sectorcG > size. Not good, I need 512 (I had to install Linux to figure out whats > the problem is :)a > E > They are nice disks, so I have to low-level format them somehow, isyF > there a utility under one of those two operating systems to do that? >   D With Linux, you could try 'sformat'. But you have to take a break to? understand the options and read the manpage. It's use is little 
 bizarre...   --  * Michael Joosten, SBS C-LAB, joost@c-lab.de* Fuerstenallee 11, 33094 Paderborn, Germany, Phone: +49 5251 606127, Fax: +49 5251 6060658 C-LAB is a cooperation of University Paderborn & SIEMENS   ------------------------------  % Date: Tue, 30 Jul 2002 15:58:46 +0100f From: Roy Omond <Roy@Omond.net>o' Subject: Re: Low-level format SCSI disk ) Message-ID: <3D46A9A5.9D66ABC1@Omond.net>t   Soterro wrote:   > Hello, >tH > I have a dual-boot Digital Personal Workstation 600au with OpenVMS and > Tru64.E > I got some ex-AS/400 hard-disks formatted with the 520-bytes sector G > size. Not good, I need 512 (I had to install Linux to figure out whatr > the problem is :)V >sE > They are nice disks, so I have to low-level format them somehow, isiF > there a utility under one of those two operating systems to do that?  > I've never had a 520-bytes/block SCSI disk, so I can't be 100%# sure that the following would work:   ? Using VMS (what else :-) assuming your SCSI disk is, say, DKA0:t   $ run sys$etc:rztools_alphan  % RZTools> [ /h for help ] DKA0:/Formatt  	 Roy Omondr Blue Bubble Ltd.   ------------------------------  % Date: Tue, 30 Jul 2002 16:53:43 +0200 9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com>=' Subject: Re: Low-level format SCSI diskp' Message-ID: <3D46A877.E5AC9F66@aaa.com>=   Michael Joosten wrote: > F > With Linux, you could try 'sformat'. But you have to take a break toA > understand the options and read the manpage. It's use is littleY > bizarre...   You mean Linux is ?. :-)   	 Jan-Erik.u   ------------------------------    Date: 30 Jul 2002 05:37:03 -0600- From: Kilgallen@SpamCop.net (Larry Kilgallen)b. Subject: Re: Running an .EXE from a .COM file.3 Message-ID: <2wlXiRmuMdgi@eisner.encompasserve.org>   X In article <1020730005441.6055A-100000@Ives.egh.com>, John Santos <JOHN@egh.com> writes:# > On 29 Jul 2002, Rob Kersey wrote:a > H >> I am trying to run an .exe from within a .com file. The .exe requiresA >> input back from the user before it exits on the users request.T >>=20nI >> The problem that I am having is that the .com file does not pause when F >> it gets to the running of the .exe unless I use SPAWN/WAIT. HoweverI >> the .com file is being run from within a captive account and therefore! >> no spawning is allowed. >>=20 I >> Is there another way to run an .exe and get the com file to pause/waito >> before it continues.e > G > From=20your description of the problem, I think you have a Unix model H > of what happens when a .com runs a program.  The .com doesn't continueI > executing until the program exits.  There is only a single process. [*]n >  >  > D > What you need to do is to get the program to accept input from theB > terminal (so the user can type at it), rather than expecting itsG > input to come from the .com file.  You accomplish that by redirectinga- > its input stream to come from the terminal.b > . >   $ ASSIGN/USER_MODE SYS$COMMAND:  SYS$INPUTI >   $ RUN YOUR_PROGRAM=09! or whatever command you use to start the prog.e  D Even better would be to fix the program so it reads human input from" SYS$COMMAND rather than SYS$INPUT.   ------------------------------  % Date: Tue, 30 Jul 2002 09:01:21 +0100e( From: Martyn <mpattKNICKERS@bigfoot.com>! Subject: Re: Sort file protection-( Message-ID: <3D4647D1.80908@bigfoot.com>  
 Joe wrote:   >OpenVMS 7.3 >eD >Sorry for the long post. This is gonna get mangled. Names have been0 >changed to protect the innocent and all that... >e+ >However - am I missing something here?!?!?r >m; >ICITST[APOLLO]: CONVERT/STAT/FDL=foobar.FDL foobar_logicalr >sys$login:x.yG >%SORT-F-OPENOUT, error opening DKB500:[SORTWORK]SORT1_00000468.TMP; aso >outputA@ >-RMS-E-PRV, insufficient privilege or file protection violation$ >ICITST[APOLLO]: sho dev/full DKB500 > ? >Disk APOLLO$DKB500:, device type COMPAQ BD0186459A, is online,t >mounted, file-AG >    oriented device, shareable, available to cluster, error logging isl	 >enabled.t >eG >    Error count                    0    Operations completed          V	 >     990tG >    Owner process                 ""    Owner UIC                     g	 >[SYSTEM]w< >    Owner process ID        00000000    Dev Prot            >S:RWPL,O:RWPL,G:R,WG >    Reference count                1    Default buffer size            	 >     512sG >    Current preferred CPU Id       3    Fastpath                      .	 >       1'G >    Total blocks            35565080    Sectors per track             h	 >     254uG >    Total cylinders             7001    Tracks per cylinder           m	 >      20e > G >    Volume label               "FOO"    Relative volume number        r	 >       0 G >    Cluster size                  35    Transaction count             >	 >       1 G >    Free blocks             32450355    Maximum files allowed          	 >  493959wG >    Extend quantity                5    Mount count                   a	 >       1t8 >    Mount status              System    Cache name      >"_APOLLO$DKB0:XQPCACHE"G >    Extent cache size            256    Maximum blocks in extent cachee	 > 3245035.C >    File ID cache size           256    Blocks currently in extentc
 >cache3244570 G >    Quota cache size               0    Maximum buffers in FCP cache  e	 >    6600e4 >    Volume owner UIC         [100,0]    Vol Prot    >S:RWCD,O:RWCD,G:RWCD,W:RWCD >VC >  Volume Status:  ODS-2, subject to mount verification, write-backo >caching >      enabled.f >d5 >ICITST[APOLLO]: dir/full DKB500:[000000]sortwork.dire >i >Directory DKB500:[000000] >t2 >SORTWORK.DIR;1                File ID:  (702,1,0)1 >Size:            1/35         Owner:    [foowho]S# >Created:   26-JUN-2002 08:50:34.02a( >Revised:   29-JUL-2002 14:27:22.38 (10) >Expires:   <None specified>  >Backup:    <No backup recorded> >Effective: <None specified> >Recording: <None specified> >File organization:  Sequential  >Shelved state:      Online-! >Caching attribute:  Writethrough,G >File attributes:    Allocation: 35, Extend: 0, Global buffer count: 0,cD >                    No default version limit, Contiguous, Directory >file9D >Record format:      Variable length, maximum 512 bytes, longest 512 >bytes5 >Record attributes:  No carriage control, Non-spannede >RMS attributes:     Nonen >Journaling enabled: NoneeD >File protection:    System:RWED, Owner:RWED, Group:RWED, World:RWED >Access Cntrl List:  Noner >Client attributes:  None  >l >Total of 1 file, 1/35 blocks. >- >- >ICITST[APOLLO]: sho log sort* >, >(LNM$PROCESS_TABLE) >0$ >  "SORTDISK1" = "DKB500:[SORTWORK]"$ >  "SORTDISK2" = "DKB500:[SORTWORK]"$ >  "SORTDISK3" = "DKB500:[SORTWORK]"$ >  "SORTDISK4" = "DKB500:[SORTWORK]"/ >  "SORTWORK0" = "SYS$LOGIN:SORT0_00000468.TMP"r/ >  "SORTWORK1" = "SORTDISK0:SORT1_00000468.TMP"C/ >  "SORTWORK2" = "SORTDISK1:SORT1_00000468.TMP"i/ >  "SORTWORK3" = "SORTDISK2:SORT1_00000468.TMP"@/ >  "SORTWORK4" = "SORTDISK3:SORT1_00000468.TMP" / >  "SORTWORK5" = "SORTDISK4:SORT1_00000468.TMP"r >y >(ICITST$DATA) >  >(foologicals) >r >(LNM$JOB_813B6400)  >i >(LNM$GROUP_000001)a >t >(LNM$SYSTEM_TABLE), > $ >  "SORTDISK0" = "DKB500:[SORTWORK]"$ >  "SORTDISK1" = "DKB600:[SORTWORK]"$ >  "SORTDISK2" = "DKC000:[SORTWORK]"$ >  "SORTDISK3" = "DKC100:[SORTWORK]"$ >  "SORTDISK4" = "DKC200:[SORTWORK]" >  "SORTSHR_TV" = "SORTSHR"  >  >(LNM$SYSCLUSTER_TABLE)h >o >(DECW$LOGICAL_NAMES)) >    >s8 Does DKB500:[SORTWORK]SORT1_00000468.TMP; already exist?& Can you create the file with $Create ?. Whats the protection on SYS$LOGIN (SORTWORK0)?   -- s, Remove KNICKERS before replying by Email ;-)   ------------------------------  + Date: Tue, 30 Jul 2002 06:14:35 -0700 (PDT)e. From: Fabio Cardoso <fabiopenvms@yahoo.com.br>( Subject: Re: Storageworks For OVMS Class@ Message-ID: <20020730131435.37896.qmail@web20208.mail.yahoo.com>  1 I tought Sept 11  would become a National Day (noe work)r in USA !!!!!       Regardsu   FC B3 --- Alan Boyles <alan.boyles@mindspring.com> wrote:r6 > A Storageworks for OVMS class has been scheduled for > Sept 9-11 in Houston.65 > The class ID is #333 and can be used toward the SAN  > Architect MASE.  We areo4 > also trying to schedule the final two days of that > week for an EVA class.$ > Will let you know if that happens. >  > Class Signup ID is 514474c" > Training number is 800-732-5741. >  > Alan >  >      =====r ========================== Fbio dos Santos Cardoso OpenVMS System Manager Rio de Janeiro - Brazila fabiopenvms@yahoo.com.br ==========================  2 __________________________________________________ Do You Yahoo!?( Yahoo! Health - Feel better, live better http://health.yahoo.comn   ------------------------------  # Date: Tue, 30 Jul 2002 13:59:34 GMTs1 From: "Terry C. Shannon" <terryshannon@attbi.com>f( Subject: Re: Storageworks For OVMS Class/ Message-ID: <aZw19.185070$Wt3.138858@rwcrnsc53>   G Hadn't heard that one, but methinks 11 Sept will be an excellent day tob maintain a very low profile!   cheers,i   terry sn  ; "Fabio Cardoso" <fabiopenvms@yahoo.com.br> wrote in messageo: news:20020730131435.37896.qmail@web20208.mail.yahoo.com...3 > I tought Sept 11  would become a National Day (no. > work)j > in USA !!!!! >t >c >P	 > Regardst >e > FC5 > --- Alan Boyles <alan.boyles@mindspring.com> wrote:H8 > > A Storageworks for OVMS class has been scheduled for > > Sept 9-11 in Houston.H7 > > The class ID is #333 and can be used toward the SANm > > Architect MASE.  We aree6 > > also trying to schedule the final two days of that > > week for an EVA class.& > > Will let you know if that happens. > >  > > Class Signup ID is 514474f$ > > Training number is 800-732-5741. > >t > > Alan > >  > >  >  >  > =====h > ========================== > Fbio dos Santos Cardoso > OpenVMS System Manager > Rio de Janeiro - Brazilr > fabiopenvms@yahoo.com.br > ========================== >u4 > __________________________________________________ > Do You Yahoo!?* > Yahoo! Health - Feel better, live better > http://health.yahoo.coms   ------------------------------  % Date: Tue, 30 Jul 2002 10:32:16 -0700-# From: "Tom Linden" <tom@kednos.com>0" Subject: UPDATE: PL/I HOBBYIST kit9 Message-ID: <CIEJLCMNHNNDLLOOGNJICEJPFHAA.tom@kednos.com>v  : We originally had a problem in the installation of the kit; as regards the license checks.  This should now be working t for both VAX and Alpha.n  ? I would appreciate any feedback.  Also if someone is installingM; on VAX would like confirmation of updates to IMAGELIB w.r.t  PLIRTL     ---r& Outgoing mail is certified Virus Free.: Checked by AVG anti-virus system (http://www.grisoft.com).@ Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002   ------------------------------  % Date: Tue, 30 Jul 2002 06:44:14 -0700d, From: "James Gessling" <jgessling@yahoo.com>* Subject: Re: Using PCA on an Apache module5 Message-ID: <ai657f$125j19$1@ID-46415.news.dfncis.de>g  : "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message- news:RRaXKXT0gQ+4@eisner.encompasserve.org...lH > In article <ai3vbe$11cpmd$1@ID-46415.news.dfncis.de>, "James Gessling" <jgessling@yahoo.com> writes:t> > > I'm trying to investigate performance of an Apache module. >aD > I don't know much about Apache, but I thought it was written in C. >r > Does Apache use DECthreads ? > 8 > The last I knew, PCA was incompatible with DECthreads.  J Yes apache is written in C, but in the case of a module, it gets loaded at run timeG with a lib$find_image_symbol.  So I was trying to get PCA to track that  code.a  L I guess I will build a whole server from source, not just the module and try that. 7 Threads are optiional in Apache, csws doesn't use them.B   JimE   ------------------------------  % Date: Tue, 30 Jul 2002 12:56:26 +0200S9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> C Subject: VT-emulation and Prusik Peak... (Was:Clusterwide logicals) ' Message-ID: <3D4670DA.42EFE444@aaa.com>r  > Oh, I thought VT2xx, VT3xx, VT4xx and VT5xx just was different5 flavours of "VT-100-emulators" with a few add-ons :-)2  9 Anyway, I changed from "Control Characters, Interpret" toR8 "Control Characters, Display" in my Reflection 2 and all control codes displayed nicely.s  < Reflection 2 also gives the following valuable information :   Prusik Peak   8    Prusik Peak, elevation 8,000+ feet, is located in the=    Enchantments Wilderness area of Washington State's Cascade ;    Mountain Range.  Nestled in a high alpine environment of-D    mountains and lakes, Prusik Peak stands out with its distinctive A    angular granite faces. The spire offers several classic alpineW@    rock climbing routes. The first successful ascent of the peak>    was via the East Face in 1948 by Fred Becky and Art Holben.>    They named the peak for Dr. Karl Prusik after they reached -    the summit with the aid of prusik slings. i    i :-)o   Jan-Erik Sderholm.t   Phillip Helbig wrote:e > ? > > I'd try to enable "hex-mode" or "display-control-codes" (ors; > > whatever it might be called in your VT-emulator) so all 3 >                                       ^^^^^^^^^^^e > 2 > A real VT :-) (520) as well as several DECterms. > = > > ESC-sequences are displayed. Then it might be possible to  > > find out what's going on.0 >  > I'll look into it.   ------------------------------    Date: 30 Jul 2002 07:45:31 -0600- From: koehler@encompasserve.org (Bob Koehler)eQ Subject: Re: What happens when you have more than 1000 current print/batch jobs ?y3 Message-ID: <3y324FTexh8a@eisner.encompasserve.org>t  c In article <3D45D42C.6AE102E1@aaa.com>, Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> writes:g7 > In a test I run a couple of months ago, I was able tod3 > queue well over 100.000 entries. Yes, the numbers 4 > got a bit "funny" and the output of SHOW QUEUE got1 > "*****" instead of entry numbers, but I *had* >e3 > 100.000 entries on a single queue without getting  > any error messages.   J    Since it's a longword it potentially could handle about 2 or 4 billion D    entries.  I'm sure that's untested and there's likely some other D    undocumented limit within the queue manager somewhere.  (Just howH    big a disk do you have to store that queue file, and how many entries>    can its internal layout really handle?)  Not to mention the    performance hit.C  D    It looks like you're getting into the works-but-unsupported area.E    I can't imagine lots of customers calling HP and demanding supportXE    for more than 100,000 entries, but the first customer who does mayt(    also be one of the largest customers.   ------------------------------  % Date: Tue, 30 Jul 2002 15:28:48 +0200 9 From: Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> Q Subject: Re: What happens when you have more than 1000 current print/batch jobs ?e& Message-ID: <3D469490.D687E5C@aaa.com>  8 Well, there is things you just must *have* to do without2 any real benefit, put a man on the moon, climb the7 Mount Everest and see what happens with your 100.001'sta entry on a VMS queue :-)  : I think the queue file went up to a couple of 100' blocks.3 Now, in a real case each entry would probably point,5 to a uniqe spool file, and those files would probablyt7 take up more space then the queue file anyway. I queued " the same print-file over and over.  9 I didn't "see" any performance hit when doing things like 6 "delete/entry=xxx" or "show entry xxx". My test script6 queued entries with aprox the same entry/sec speed the
 whole run.  > Never-the-less, it proves in a way that we don't have to worry- that much about the "size" of the VMS queues.:  	 Jan-Erik.    Bob Koehler wrote: > e > In article <3D45D42C.6AE102E1@aaa.com>, Jan-Erik =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> writes: 9 > > In a test I run a couple of months ago, I was able too5 > > queue well over 100.000 entries. Yes, the numberso6 > > got a bit "funny" and the output of SHOW QUEUE got3 > > "*****" instead of entry numbers, but I *had* >a5 > > 100.000 entries on a single queue without getting  > > any error messages.  > K >    Since it's a longword it potentially could handle about 2 or 4 billioneE >    entries.  I'm sure that's untested and there's likely some otheroF >    undocumented limit within the queue manager somewhere.  (Just howJ >    big a disk do you have to store that queue file, and how many entries@ >    can its internal layout really handle?)  Not to mention the >    performance hit.  > F >    It looks like you're getting into the works-but-unsupported area.G >    I can't imagine lots of customers calling HP and demanding support0G >    for more than 100,000 entries, but the first customer who does mayI* >    also be one of the largest customers.   ------------------------------  % Date: Tue, 30 Jul 2002 10:42:17 -0600o6 From: "Michael D. Ober" <obermd.@.alum.mit.edu.nospam>Q Subject: Re: What happens when you have more than 1000 current print/batch jobs ? 0 Message-ID: <Zlz19.73$RT6.31033@news.uswest.net>  J I could see this easily happening for a mass mailer using the SMTP queues.  
 Mike Ober.  : "Bob Koehler" <koehler@encompasserve.org> wrote in message- news:3y324FTexh8a@eisner.encompasserve.org...t2 > In article <3D45D42C.6AE102E1@aaa.com>, Jan-Erik2 =?iso-8859-1?Q?S=F6derholm?= <aaa@aaa.com> writes:9 > > In a test I run a couple of months ago, I was able toz5 > > queue well over 100.000 entries. Yes, the numbers 6 > > got a bit "funny" and the output of SHOW QUEUE got3 > > "*****" instead of entry numbers, but I *had* >r5 > > 100.000 entries on a single queue without getting= > > any error messages.f >aK >    Since it's a longword it potentially could handle about 2 or 4 billiontE >    entries.  I'm sure that's untested and there's likely some otherrF >    undocumented limit within the queue manager somewhere.  (Just howJ >    big a disk do you have to store that queue file, and how many entries@ >    can its internal layout really handle?)  Not to mention the >    performance hit.y >lF >    It looks like you're getting into the works-but-unsupported area.G >    I can't imagine lots of customers calling HP and demanding support-G >    for more than 100,000 entries, but the first customer who does may2* >    also be one of the largest customers.   ------------------------------   End of INFO-VAX 2002.417 ************************