projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c0de854) | patch
Fix off-by-one in BN_rand
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:48:52 +0000 (23:48 +0100)
commitf3b555a601d641448af8f2a7ef57c20db36f1b94
treeb17ae7c31634e065e7e0b940ef9ed01481d8490dtree | snapshot
parentc0de854c9d44569529fb562f0a193e81c395ce94commit | diff
Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/bn/bn.h diff | blob | history
crypto/bn/bn_err.c diff | blob | history
crypto/bn/bn_rand.c diff | blob | history
doc/crypto/BN_rand.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.