The UI_add_{input,verify}_string() functions want a length not including - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2018-08-14 17:51:36 +0000
committer	tb <>	2018-08-14 17:51:36 +0000
commit	bb1d97427df2d89362a9a4b4d02e7fa26ef0cdf8 (patch)
tree	09d5abfb98feb767117683f1e4d667977cbf1f49 /src/lib/libssl/ssl_clnt.c
parent	6c03c79c878867ba3e9e82a10e2cb110bc526f56 (diff)
download	openbsd-bb1d97427df2d89362a9a4b4d02e7fa26ef0cdf8.tar.gz openbsd-bb1d97427df2d89362a9a4b4d02e7fa26ef0cdf8.tar.bz2 openbsd-bb1d97427df2d89362a9a4b4d02e7fa26ef0cdf8.zip

The UI_add_{input,verify}_string() functions want a length not including

the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string(). Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C. Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray(). ok bcook (on previous version), jsing, mestre

Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: