[openssl-dev] [openssl.org #4656] [BUG] print_bin could access memory off the end of a buffer
Perrow, Graeme via RT
rt at openssl.org
Mon Aug 22 13:56:18 UTC 2016
In file crypto/ec/eck_prn.c, if the function print_bin is called with len >= 15 and off >= 124, we would eventually hit line 261:
memset( &(str[1]), ' ', off + 4 );
which would write >= 128 bytes into a 127-byte buffer.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4656
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list