Avoid buffer underflow in evp_test.
authorPauli <paul.dale@oracle.com>
Mon, 27 Feb 2017 04:26:16 +0000 (14:26 +1000)
committerRich Salz <rsalz@openssl.org>
Tue, 28 Feb 2017 14:14:50 +0000 (09:14 -0500)
The second loop in the remove_space function doesn't check for walking
back off of the start of the string while setting white space to 0.

This fix exits this loop once the pointer is before the (updated) beginning
of the string.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2752)

test/evp_test.c

index 494a46b..d924e3f 100644 (file)
 
 static void remove_space(char **pval)
 {
-    unsigned char *p = (unsigned char *)*pval;
+    unsigned char *p = (unsigned char *)*pval, *beginning;
 
     while (isspace(*p))
         p++;
 
-    *pval = (char *)p;
+    *pval = (char *)(beginning = p);
 
     p = p + strlen(*pval) - 1;
 
     /* Remove trailing space */
-    while (isspace(*p))
+    while (p >= beginning && isspace(*p))
         *p-- = 0;
 }