Prevent an overflow if an application supplies a buffer that is too small
author Matt Caswell <matt@openssl.org>
Thu, 7 Oct 2021 10:33:17 +0000 (11:33 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 22 Oct 2021 07:43:26 +0000 (08:43 +0100)
commit 43da9a14f0e73f42f28ae34219929b44df5d1a11
tree 57d0663dfae371f81eb39e437c851448ca4f1f79
parent 251e941283f554f0dc4b315e3a8fb82ef5b71982
Prevent an overflow if an application supplies a buffer that is too small

If an application bug means that a buffer smaller than is necessary is
passed to various functions then OpenSSL does not spot that the buffer
is too small and fills it anyway. This PR prevents that.

Since it requires an application bug to hit this problem, no CVE is
allocated.

Thanks to David Benjamin for reporting this issue.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
crypto/evp/m_sigver.c
crypto/evp/p_lib.c
crypto/evp/signature.c
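
The failure mode the commit message describes, modelled as an added example (this is not OpenSSL's code and not the patch itself): a toy function with an in/out length parameter, first ignoring the caller's stated buffer size, then checking it before writing. All `toy_*` names, the 32-byte output size and the canary arena are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TOY_SIG_LEN 32 /* constructed: output size of the toy signer */
typedef int (*sign_fn)(unsigned char *, size_t *, const unsigned char *, size_t);

/* Hypothetical stand-in for the real primitive: always emits TOY_SIG_LEN bytes. */
static void toy_produce(unsigned char *out, const unsigned char *msg, size_t n)
{
    for (size_t i = 0; i < TOY_SIG_LEN; i++)
        out[i] = (unsigned char)((i + 1) ^ (n ? (msg[i % n] & 0x0F) : 0));
}

/* Before: *siglen is only written, never read, so a short buffer is overrun. */
int toy_sign_unchecked(unsigned char *sig, size_t *siglen,
                       const unsigned char *msg, size_t n)
{
    if (siglen == NULL) return 0;
    if (sig != NULL) toy_produce(sig, msg, n);
    *siglen = TOY_SIG_LEN;
    return 1;
}

/* After: on input *siglen is the caller's buffer size; refuse if too small. */
int toy_sign_checked(unsigned char *sig, size_t *siglen,
                     const unsigned char *msg, size_t n)
{
    if (siglen == NULL) return 0;
    if (sig == NULL) { *siglen = TOY_SIG_LEN; return 1; } /* size query only */
    if (*siglen < TOY_SIG_LEN) return 0;                  /* fail before any write */
    toy_produce(sig, msg, n);
    *siglen = TOY_SIG_LEN;
    return 1;
}

/* Caller bug modelled without undefined behaviour: the arena really is 64
 * bytes, but the caller claims only 16. Bytes past the claimed size hold a
 * canary. Returns 1 if the canary survived; *ret gets the signer's result. */
int canary_intact_after(sign_fn sign, int *ret)
{
    unsigned char arena[64];
    size_t claimed = 16;
    memset(arena, 0xAA, sizeof(arena));
    *ret = sign(arena, &claimed, (const unsigned char *)"hello", 5);
    for (size_t i = 16; i < sizeof(arena); i++)
        if (arena[i] != 0xAA) return 0;
    return 1;
}
```

On the caller side, the matching habit is to set the length argument to the real buffer size before the call and to treat a failure return as "nothing was written".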