[openssl] master update

Richard Levitte levitte at openssl.org
Wed Jul 31 11:22:17 UTC 2019 

The branch master has been updated
       via  189dbdd99416a481d49a43bd7f4a8ab90bef1e85 (commit)
      from  faa9dcd4d468441422254ab2d887bb267e0245b6 (commit)


- Log -----------------------------------------------------------------
commit 189dbdd99416a481d49a43bd7f4a8ab90bef1e85
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Jul 31 09:27:05 2019 +0200

    ERR: fix err_data_size inconsistencies
    
    In ERR_add_error_vdata(), the size of err_data had 1 added to it in
    some spots, which could lead to buffer overflow.
    
    In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in
    the BIO_vsnprintf() call, which would lead to a buffer overflow if
    such a large buffer couldn't be allocated.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9491)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/err.c        | 6 +++---
 crypto/err/err_blocks.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index f129c1c7d6..24549e3a49 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -795,18 +795,18 @@ void ERR_add_error_vdata(int num, va_list args)
         if (arg == NULL)
             arg = "<NULL>";
         len += strlen(arg);
-        if (len > size) {
+        if (len >= size) {
             char *p;
 
             size = len + 20;
-            p = OPENSSL_realloc(str, size + 1);
+            p = OPENSSL_realloc(str, size);
             if (p == NULL) {
                 OPENSSL_free(str);
                 return;
             }
             str = p;
         }
-        OPENSSL_strlcat(str, arg, (size_t)size + 1);
+        OPENSSL_strlcat(str, arg, (size_t)size);
     }
     if (!err_set_error_data_int(str, size, flags, 0))
         OPENSSL_free(str);
diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c
index 49086bd0c2..cf1bb9708a 100644
--- a/crypto/err/err_blocks.c
+++ b/crypto/err/err_blocks.c
@@ -85,7 +85,7 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
         }
 
         if (buf != NULL) {
-            printed_len = BIO_vsnprintf(buf, ERR_MAX_DATA_SIZE, fmt, args);
+            printed_len = BIO_vsnprintf(buf, buf_size, fmt, args);
         }
         if (printed_len < 0)
             printed_len = 0;

More information about the openssl-commits mailing list