libtls: add missing length checks before BIO_new_mem_buf() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2026-04-16 05:16:48 +0000
committer	tb <>	2026-04-16 05:16:48 +0000
commit	d680a6fb78c5f1a30a0d45de7b989cee9631652a (patch)
tree	d831a8a22e90acc60941bd3ade8245ac3c6b3b0f /src/usr.sbin
parent	814cf761c3d6111996b311e8fe62455469ae8a3c (diff)
download	openbsd-d680a6fb78c5f1a30a0d45de7b989cee9631652a.tar.gz openbsd-d680a6fb78c5f1a30a0d45de7b989cee9631652a.tar.bz2 openbsd-d680a6fb78c5f1a30a0d45de7b989cee9631652a.zip

libtls: add missing length checks before BIO_new_mem_buf()

Like all proper libcrypto APIs, BIO_new_mem_buf() takes an int as a length argument. Check the size_t passed in to be at most INT_MAX to avoid issues with truncation and overflow like it's done everywhere else. After release this should probably be clamped down further since legitimate files (certs and keys) are nowhere near this large. Prompted by a diff by Michael Forney ok jsing

Diffstat (limited to 'src/usr.sbin')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: