[openssl/openssl] a64c48: Fix stack corruption in ui_read

Bernd Edlinger noreply at github.com
Wed May 17 10:09:25 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: a64c48cff88e032cf9513578493c4536df725a22
      https://github.com/openssl/openssl/commit/a64c48cff88e032cf9513578493c4536df725a22
  Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
  Date:   2023-05-17 (Wed, 17 May 2023)

  Changed paths:
    M crypto/ui/ui_lib.c
    M crypto/ui/ui_util.c
    M test/evp_extra_test2.c

  Log Message:
  -----------
  Fix stack corruption in ui_read

This is an alternative to #20893

Additionally this fixes also a possible issue in UI_UTIL_read_pw:

When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)




More information about the openssl-commits mailing list