[openssl-dev] [openssl.org #4649] [PATCH] BIO_debug_callback could write before the beginning of a buffer
Perrow, Graeme via RT
rt at openssl.org
Tue Aug 16 18:23:05 UTC 2016
In the BIO_debug_callback function, we call BIO_snprintf which could return -1 in the case of an error. However, there is no check for this condition, and so the subsequent code would subtract one from buf and write data there, overwriting the byte immediately before the static buffer.
This patch fixes the problem by checking for a negative return code from the first BIO_sprintf.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4649
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BIO_debug_callback.patch
Type: application/octet-stream
Size: 453 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160816/87286dc9/attachment.obj>
More information about the openssl-dev
mailing list