[openssl/openssl] a64c48: Fix stack corruption in ui_read
Bernd Edlinger
noreply at github.com
Wed May 17 10:09:25 UTC 2023
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: a64c48cff88e032cf9513578493c4536df725a22
https://github.com/openssl/openssl/commit/a64c48cff88e032cf9513578493c4536df725a22
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
M crypto/ui/ui_lib.c
M crypto/ui/ui_util.c
M test/evp_extra_test2.c
Log Message:
-----------
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
More information about the openssl-commits
mailing list