From 3374ab37b74a5cd7d198a17bc67f12c6b5bf2232 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Tue, 20 Apr 2010 23:01:28 +0000
Subject: The openssl command line tool treats the non-null terminated buffer "mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm
---
 src/lib/libssl/src/apps/s_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 70e7254a91..5bbad0e1e6 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -1074,7 +1074,7 @@ SSL_set_tlsext_status_ids(con, ids);
 if (starttls_proto)
 {
- BIO_printf(bio_err,"%s",mbuf);
+ BIO_write(bio_err, mbuf, mbuf_len);
 /* We don't need to know any more */
 starttls_proto = PROTO_OFF;
 }
-- 
cgit v1.2.3-55-g6feb
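Review bot: The new `BIO_write(bio_err, mbuf, mbuf_len);` is only as safe as `mbuf_len`, and the assignment of `mbuf_len` is outside this hunk, so it cannot be confirmed here that every STARTTLS branch (the commit message names pop3) stores its read length there. If `mbuf_len` is taken from a `BIO_read()`/`BIO_gets()` return value, it can be zero or negative after a failed read and should not be passed on unchecked; a guard such as `if (mbuf_len > 0) BIO_write(bio_err, mbuf, mbuf_len);` would cover that. A short comment like `/* mbuf is not NUL-terminated; always print it with its length */` would also keep a later edit from reverting to a `%s` format. The enclosing block starts and ends outside the hunk, so the read side should be checked there.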