[master] NULL handling Issues in i2c_ibuf() in a_int.c
Kurt Cancemi
kurt at x64architecture.com
Fri Jun 12 15:42:53 UTC 2015
This ticket only applies to master
What is the intended behavior when b or blen is NULL?
All I see is that ret is set to 1 and the function continues.
These issues are both related to the above question.
First issue
When !neg and b == NULL the following operation is performed, likely
resulting in undefined behavior:

    line 164: memcpy(p, b, blen);

memcpy with the b (src) NULL.
Second issue
When b == NULL and n == b, n is decremented while it is NULL likely
resulting in undefined behavior:

    line 167: n = b + blen - 1;
    line 171:
        while (!*n && i > 1) {
            *(p--) = 0;
            n--;
            i--;
        }

--
Kurt Cancemi
https://www.x64architecture.com
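
An added example, not part of the original message and not OpenSSL's code: a self-contained C routine that writes the content octets of an ASN.1 INTEGER from a big-endian magnitude and checks for a NULL or empty input before any memcpy() or pointer arithmetic touches it. The name encode_int_content, its signature, and the choice to encode a NULL or empty magnitude as zero (a single 0x00 octet) are assumptions made for illustration; the message above leaves the intended behavior as an open question.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not OpenSSL's i2c_ibuf): writes the content octets
 * of an INTEGER with big-endian magnitude b[0..blen) and sign flag neg.
 * Returns the octet count; with out == NULL it only computes the size.
 * Assumption: a NULL or empty magnitude is encoded as zero (one 0x00). */
size_t encode_int_content(const unsigned char *b, size_t blen, int neg,
                          unsigned char *out)
{
    size_t i;
    int pad = 0;
    unsigned char pb = 0x00;

    /* Guard first: never memcpy() from NULL or form b + blen - 1 on NULL. */
    if (b == NULL || blen == 0) {
        if (out != NULL)
            out[0] = 0x00;
        return 1;
    }
    if (!neg) {
        if (b[0] & 0x80)            /* leading 0x00 keeps the value positive */
            pad = 1;
    } else if (b[0] > 0x80) {
        pad = 1; pb = 0xFF;         /* leading 0xFF keeps the value negative */
    } else if (b[0] == 0x80) {
        for (i = 1; i < blen; i++)  /* pad only if a lower byte is non-zero */
            if (b[i]) { pad = 1; pb = 0xFF; break; }
    }
    if (out == NULL)
        return blen + pad;
    if (pad)
        *out++ = pb;
    if (!neg) {
        memcpy(out, b, blen);       /* b is known to be non-NULL here */
    } else {
        /* Two's complement from the last byte, using indices so no
         * pointer is ever moved before the start of either buffer. */
        unsigned int carry = 1;
        for (i = blen; i-- > 0; ) {
            unsigned int v = (unsigned char)~b[i] + carry;
            out[i] = (unsigned char)v;
            carry = v >> 8;
        }
    }
    return blen + pad;
}
```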