git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 22 May 2015 22:45:33 +0000 (23:45 +0100)
commit	b484b040e39e03efbc889a204f5fd2406d7b04b5
tree	1ad052dd7de86dacaf2426c1b1ea1c50efe058fa	tree \| snapshot
parent	726b5e71329865d14e46e1eb96c986e3e373bbfd	commit \| diff

Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

crypto/bn/bn.h		diff \| blob \| history
crypto/bn/bn_err.c		diff \| blob \| history
crypto/bn/bn_rand.c		diff \| blob \| history
doc/crypto/BN_rand.pod		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom