From: Pauli <paul.dale@oracle.com>
Date: Mon, 27 Feb 2017 04:26:16 +0000 (+1000)
Subject: Avoid buffer underflow in evp_test.
X-Git-Tag: OpenSSL_1_1_1-pre1~2239
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=533b178db6aea206f07810ea20ecd43a90c51855;p=oweals%2Fopenssl.git

Avoid buffer underflow in evp_test.

The second loop in the remove_space function doesn't check for walking
back off of the start of the string while setting white space to 0.

This fix exits this loop once the pointer is before the (updated) beginning
of the string.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2752)
---

diff --git a/test/evp_test.c b/test/evp_test.c
index 494a46b318..d924e3f6fc 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -23,17 +23,17 @@
 
 static void remove_space(char **pval)
 {
-    unsigned char *p = (unsigned char *)*pval;
+    unsigned char *p = (unsigned char *)*pval, *beginning;
 
     while (isspace(*p))
         p++;
 
-    *pval = (char *)p;
+    *pval = (char *)(beginning = p);
 
     p = p + strlen(*pval) - 1;
 
     /* Remove trailing space */
-    while (isspace(*p))
+    while (p >= beginning && isspace(*p))
         *p-- = 0;
 }