[openssl-dev] [openssl.org #3904] [master] NULL handling Issues in i2c_ibuf() in a_int.c
Kurt Cancemi via RT
rt at openssl.org
Fri Jun 12 15:44:33 UTC 2015
This ticket only applies to master
What is the intended behavior when b or blen is NULL?
all I see is that ret is set to 1 and the function continues.
These issues are both related to the above question.
First issue
When !neg and b == NULL the following operation is preformed likely
resulting in a undefined behavior:
line 164: memcpy(p, b, blen);
memcpy with the b (src) NULL.
Second issue
When b == NULL and n == b, n is decremented while it is NULL likely
resulting in undefined behavior:
line 167: n = b + blen - 1;
line 171:
while (!*n && i > 1) {
*(p--) = 0;
n--;
i--;
}
--
Kurt Cancemi
https://www.x64architecture.com
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list