projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b880283) | patch
Fix OOB read in TS_OBJ_print_bio().
authorDr. Stephen Henson <steve@openssl.org>
Thu, 21 Jul 2016 14:24:16 +0000 (15:24 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 14:16:31 +0000 (15:16 +0100)
commitb746aa3fe05b5b5f7126df247ac3eceeb995e2a0
tree30a46a6697f5c23a896dfbf0376afd9c92833cd8tree | snapshot
parentb880283683958c873ce8363892c44277ec5081f8commit | diff
Fix OOB read in TS_OBJ_print_bio().

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)
crypto/ts/ts_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.