From 533b178db6aea206f07810ea20ecd43a90c51855 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Mon, 27 Feb 2017 14:26:16 +1000
Subject: [PATCH] Avoid buffer underflow in evp_test.

The second loop in the remove_space function doesn't check for walking
back off of the start of the string while setting white space to 0.

This fix exits this loop once the pointer is before the (updated) beginning
of the string.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2752)
---
 test/evp_test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index 494a46b318..d924e3f6fc 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -23,17 +23,17 @@
 
 static void remove_space(char **pval)
 {
-    unsigned char *p = (unsigned char *)*pval;
+    unsigned char *p = (unsigned char *)*pval, *beginning;
 
     while (isspace(*p))
         p++;
 
-    *pval = (char *)p;
+    *pval = (char *)(beginning = p);
 
     p = p + strlen(*pval) - 1;
 
     /* Remove trailing space */
-    while (isspace(*p))
+    while (p >= beginning && isspace(*p))
         *p-- = 0;
 }
 
-- 
2.25.1