path: root/src/lib/libssl/ssl_srvr.c
author: tb <> 2018-08-14 17:51:36 +0000
committer: tb <> 2018-08-14 17:51:36 +0000
commit: 6f67f5587af65f7420834c04188f5ead57ab95f1 (patch)
tree: 09d5abfb98feb767117683f1e4d667977cbf1f49 /src/lib/libssl/ssl_srvr.c
parent: 8632dd05c9defdc3ad6ac7ac3bcde039dbf92a2c (diff)
The UI_add_{input,verify}_string() functions want a length not including the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string().

Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C.

Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray().

ok bcook (on previous version), jsing, mestre
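The length contract described in the commit message, as an added C example that is not LibreSSL's code: ui_store() is a hypothetical stand-in for a UI_add_input_string()-style sink whose maximum length excludes the terminating NUL, canary_survives() shows why handing such a sink the full buffer length writes one byte past the buffer, and pw_check_bounds() is a hypothetical helper implementing the four checks the message names (cap len at BUFSIZ, 0 <= min, 1 <= len, min < len). All function names are assumptions, and the canary lives inside a larger backing array so the demonstration stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#ifndef BUFSIZ
#define BUFSIZ 1024 /* normally provided by <stdio.h> */
#endif

/* Hypothetical sink mirroring the UI_add_input_string() contract from the
 * commit message: 'maxsize' is the maximum number of characters NOT
 * counting the NUL, so 'out' must have room for maxsize + 1 bytes. */
static void
ui_store(char *out, int maxsize, const char *input)
{
	size_t n = strlen(input);

	if ((int)n > maxsize)
		n = (size_t)maxsize;
	memcpy(out, input, n);
	out[n] = '\0'; /* may land at index maxsize */
}

/* Returns 1 if a canary placed just past a 'len'-byte buffer survives a
 * call to ui_store(), 0 if it was overwritten.  pass_full_len == 1 mirrors
 * the bug (passing len), pass_full_len == 0 mirrors the fix (len - 1).
 * The caller's buffer is the first 'len' bytes of a len + 1 backing array;
 * the canary sits at index len, so the check is well-defined.  Constructed
 * input: 'len' bytes of 'A'. */
int
canary_survives(int len, int pass_full_len)
{
	char backing[BUFSIZ + 1];
	char input[BUFSIZ + 1];
	const char canary = 0x5a;
	int maxsize;

	if (len < 1 || len > BUFSIZ)
		return -1;
	memset(input, 'A', (size_t)len);
	input[len] = '\0';
	memset(backing, 0, sizeof(backing));
	backing[len] = canary;

	maxsize = pass_full_len ? len : len - 1;
	ui_store(backing, maxsize, input);
	return backing[len] == canary;
}

/* Hypothetical argument validation implementing the checks the commit
 * message lists: cap len at BUFSIZ, then require 1 <= len, 0 <= min and
 * min < len.  On success *lenp holds the (possibly capped) len and 0 is
 * returned; on failure -1 is returned and *lenp is untouched. */
int
pw_check_bounds(int min, int *lenp)
{
	int len = *lenp;

	if (len > BUFSIZ)
		len = BUFSIZ;
	if (len < 1)
		return -1;
	if (min < 0)
		return -1;
	if (min >= len)
		return -1;
	*lenp = len;
	return 0;
}

int
main(void)
{
	int len = 8;

	printf("pass len   -> canary intact: %d\n", canary_survives(8, 1));
	printf("pass len-1 -> canary intact: %d\n", canary_survives(8, 0));
	printf("check(min=8, len=8): %d\n", pw_check_bounds(8, &len));
	len = BUFSIZ + 100;
	printf("check(min=4, len=BUFSIZ+100): %d, len now %d\n",
	    pw_check_bounds(4, &len), len);
	return 0;
}
```

With the bug mirrored (maxsize == len) the NUL lands on the canary; with the corrected length it stays inside the buffer. The bounds helper rejects min >= len before either value can reach an allocator, which is the point the message makes about reallocarray().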
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
0 files changed, 0 insertions, 0 deletions