Patch to correct CAN-2003-0543 CAN-2003-0544 for OpenSSL 0.9.6
To use this patch run "patch -p1 < openssl6.patch" in your OpenSSL source dir

Submitted by: Stephen Henson <steve@openssl.org>

diff -ur openssl6/crypto/asn1/asn1_lib.c ossl6/crypto/asn1/asn1_lib.c
--- openssl6/crypto/asn1/asn1_lib.c	2002-08-02 20:00:21.000000000 +0100
+++ ossl6/crypto/asn1/asn1_lib.c	2003-09-10 17:35:22.000000000 +0100
@@ -104,10 +104,12 @@
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
+			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
+		if (--max == 0) goto err;
 		}
 	else
 		{ 
diff -ur openssl6/crypto/x509/x509_vfy.c ossl6/crypto/x509/x509_vfy.c
--- openssl6/crypto/x509/x509_vfy.c	2002-12-10 08:28:16.000000000 +0000
+++ ossl6/crypto/x509/x509_vfy.c	2003-09-10 17:35:22.000000000 +0100
@@ -490,7 +490,7 @@
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
-			if (X509_verify(xs,pkey) <= 0)
+			else if (X509_verify(xs,pkey) <= 0)
 				{
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
