projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0c4415) | patch
Fix OOB read in TS_OBJ_print_bio().
authorDr. Stephen Henson <steve@openssl.org>
Thu, 21 Jul 2016 14:24:16 +0000 (15:24 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 14:15:17 +0000 (15:15 +0100)
commit0ed26acce328ec16a3aa635f1ca37365e8c7403a
treea4a634f017e5d9061fb55daccf8bc6f0adf26048tree | snapshot
parentd0c4415de5eaa555ead6eb99660e46410b45e181commit | diff
Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/ts/ts_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.