diff options
| author | deraadt <> | 2010-04-20 23:01:28 +0000 |
|---|---|---|
| committer | deraadt <> | 2010-04-20 23:01:28 +0000 |
| commit | 3374ab37b74a5cd7d198a17bc67f12c6b5bf2232 (patch) | |
| tree | 653b8930264e0c0e1fbd332b7e8645140fad00ea /src | |
| parent | 02238be6d92eb6b2dc10e0713b7a5a6be746d936 (diff) | |
| download | openbsd-3374ab37b74a5cd7d198a17bc67f12c6b5bf2232.tar.gz openbsd-3374ab37b74a5cd7d198a17bc67f12c6b5bf2232.tar.bz2 openbsd-3374ab37b74a5cd7d198a17bc67f12c6b5bf2232.zip | |
The openssl command line tool treats the non-null terminated buffer
"mbuf" as a C string when using the pop3 s_client feature. This causes
a segmentation fault with malloc.conf option "J" set when BIO_printf()
runs off the end of the buffer. The following patch fixes PR 6282
from Matthew Haub (asked to submit upstream), ok djm
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/apps/s_client.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index 70e7254a91..5bbad0e1e6 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c | |||
| @@ -1074,7 +1074,7 @@ SSL_set_tlsext_status_ids(con, ids); | |||
| 1074 | 1074 | ||
| 1075 | if (starttls_proto) | 1075 | if (starttls_proto) |
| 1076 | { | 1076 | { |
| 1077 | BIO_printf(bio_err,"%s",mbuf); | 1077 | BIO_write(bio_err, mbuf, mbuf_len); |
| 1078 | /* We don't need to know any more */ | 1078 | /* We don't need to know any more */ |
| 1079 | starttls_proto = PROTO_OFF; | 1079 | starttls_proto = PROTO_OFF; |
| 1080 | } | 1080 | } |