projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7cc18d8) | patch
Fix off-by-one in BN_rand
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:40:38 +0000 (23:40 +0100)
commitefee575ad464bfb60bf72dcb73f9b51768f4b1a1
tree2350f1a20e2752afd68de0aebb656f0591974e91tree | snapshot
parent7cc18d8158b5fc2676393d99b51c30c135502107commit | diff
Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/bn/bn_rand.c diff | blob | history
doc/crypto/BN_rand.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.