git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 22 May 2015 22:43:07 +0000 (23:43 +0100)
commit	c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14
tree	582be98a19c77a791fdf08f3e67413c44c35eeaf	tree \| snapshot
parent	1a9499cf23dfd441628f37c29cfe5ac615255ee1	commit \| diff

Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

crypto/bn/bn.h		diff \| blob \| history
crypto/bn/bn_err.c		diff \| blob \| history
crypto/bn/bn_rand.c		diff \| blob \| history
doc/crypto/BN_rand.pod		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom