[openssl/openssl] 0f90c4: Fix stack corruption in ui_read
Bernd Edlinger
noreply at github.com
Wed May 17 10:10:27 UTC 2023
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.com/openssl/openssl
Commit: 0f90c4de9f58070a423003ec6b34ef1a9a670ec9
https://github.com/openssl/openssl/commit/0f90c4de9f58070a423003ec6b34ef1a9a670ec9
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2023-05-17 (Wed, 17 May 2023)
Changed paths:
M crypto/ui/ui_lib.c
M crypto/ui/ui_util.c
Log Message:
-----------
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
More information about the openssl-commits
mailing list