[openssl] master update

tomas at openssl.org tomas at openssl.org
Tue Oct 19 10:16:30 UTC 2021


The branch master has been updated
       via  a98b26588b683eb024ab81f3bb3549c43acd5188 (commit)
      from  5fdc95e443b4d62a3d1f7094ae6d6ae4682b77e0 (commit)


- Log -----------------------------------------------------------------
commit a98b26588b683eb024ab81f3bb3549c43acd5188
Author: jwalch <jeremy.walch at gmail.com>
Date:   Fri Oct 15 19:03:17 2021 -0400

    Avoid NULL+X UB in bss_mem.c
    
    Fixes #16816
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16818)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/bss_mem.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 7e501762bb..9153c1f1cd 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -254,7 +254,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         bm = bbm->readp;
         bo = bbm->buf;
     }
-    off = bm->data - bo->data;
+    off = (bm->data == bo->data) ? 0 : bm->data - bo->data;
     remain = bm->length;
 
     switch (cmd) {
@@ -277,7 +277,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (num < 0 || num > off + remain)
             return -1;   /* Can't see outside of the current buffer */
 
-        bm->data = bo->data + num;
+        bm->data = (num != 0) ? bo->data + num : bo->data;
         bm->length = bo->length - num;
         bm->max = bo->max - num;
         off = num;


More information about the openssl-commits mailing list