[openssl/openssl] 205e7e: Fix stack corruption in ui_read
Bernd Edlinger
noreply at github.com
Wed May 17 10:10:26 UTC 2023
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 205e7e33a69f5d37887b3f80a8e529c929d23db8
https://github.com/openssl/openssl/commit/205e7e33a69f5d37887b3f80a8e529c929d23db8
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
M crypto/ui/ui_lib.c
M crypto/ui/ui_util.c
M test/evp_extra_test2.c
Log Message:
-----------
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
More information about the openssl-commits
mailing list