[openssl] openssl-3.0 update
Dr. Paul Dale
pauli at openssl.org
Tue Oct 26 22:27:27 UTC 2021
The branch openssl-3.0 has been updated
via 1682a8524652c4f1386852f0d0c1dec75895b7da (commit)
from 8606d3a919b265d4fd29606aab7be0fd3c78f7c2 (commit)
- Log -----------------------------------------------------------------
commit 1682a8524652c4f1386852f0d0c1dec75895b7da
Author: Pauli <pauli at openssl.org>
Date: Mon Oct 25 11:16:01 2021 +1000
speed: range check the argument given to -multi
For machines where sizeof(size_t) == sizeof(int) there is a possible overflow
which could cause a crash.
For machines where sizeof(size_t) > sizeof(int), the existing checks adequately
detect the situation.
Fixes #16899
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16904)
(cherry picked from commit 7220085f22cf6c49933ea8287eb15db57f7ab0db)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/apps/speed.c b/apps/speed.c
index 1e5295398f..4dd9ce0885 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1540,6 +1540,10 @@ int speed_main(int argc, char **argv)
case OPT_MULTI:
#ifndef NO_FORK
multi = atoi(opt_arg());
+ if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
+ BIO_printf(bio_err, "%s: multi argument too large\n", prog);
+ return 0;
+ }
#endif
break;
case OPT_ASYNCJOBS:
More information about the openssl-commits
mailing list