projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 43d5dac) | patch
Fix stack corruption in ui_read
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 13 May 2023 07:04:18 +0000 (09:04 +0200)
committerTomas Mraz <tomas@openssl.org>
Wed, 17 May 2023 10:07:02 +0000 (12:07 +0200)
commita64c48cff88e032cf9513578493c4536df725a22
tree303a52f0ae1ee45ce56f59d23cbacfeb01542472tree | snapshot
parent43d5dac9d00ac486823d949f85ee3ad650b62af8commit | diff
Fix stack corruption in ui_read

This is an alternative to #20893

Additionally this fixes also a possible issue in UI_UTIL_read_pw:

When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
crypto/ui/ui_lib.c diff | blob | history
crypto/ui/ui_util.c diff | blob | history
test/evp_extra_test2.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.