[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Tue Oct 19 10:16:40 UTC 2021


The branch openssl-3.0 has been updated
       via  0c34ce7c99d6113dec7652bceafe6d7744edf2cf (commit)
      from  2f98fd4b04bcb25fd7134c39ea4930c57615d4ea (commit)


- Log -----------------------------------------------------------------
commit 0c34ce7c99d6113dec7652bceafe6d7744edf2cf
Author: jwalch <jeremy.walch at gmail.com>
Date:   Fri Oct 15 19:03:17 2021 -0400

    Avoid NULL+X UB in bss_mem.c
    
    Fixes #16816
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16818)
    
    (cherry picked from commit a98b26588b683eb024ab81f3bb3549c43acd5188)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/bss_mem.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 7e501762bb..9153c1f1cd 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -254,7 +254,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         bm = bbm->readp;
         bo = bbm->buf;
     }
-    off = bm->data - bo->data;
+    off = (bm->data == bo->data) ? 0 : bm->data - bo->data;
     remain = bm->length;
 
     switch (cmd) {
@@ -277,7 +277,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (num < 0 || num > off + remain)
             return -1;   /* Can't see outside of the current buffer */
 
-        bm->data = bo->data + num;
+        bm->data = (num != 0) ? bo->data + num : bo->data;
         bm->length = bo->length - num;
         bm->max = bo->max - num;
         off = num;


More information about the openssl-commits mailing list