[openssl/openssl] 5d6f13: Fix stack corruption in ui_read
Bernd Edlinger
noreply at github.com
Wed May 17 10:10:25 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 5d6f13d90d5c4212737002bcd54871cf236a1220
https://github.com/openssl/openssl/commit/5d6f13d90d5c4212737002bcd54871cf236a1220
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
M crypto/ui/ui_lib.c
M crypto/ui/ui_util.c
M test/evp_extra_test2.c
Log Message:
-----------
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
More information about the openssl-commits
mailing list