Stephen Henson via RT wrote:
> Have you tried this in OpenSSL 0.9.7a?
> 
I should have mentioned... this is with OpenSSL 0.9.7a.

See o_time.c line 82:

        ts = gmtime(timer);
        if (ts != NULL)
                memcpy(result, ts, sizeof(struct tm));
        ts = result;

Essentially, 'result' is left uninitialised if ts==NULL.

The result buffer was passed in from a_gentm.c line 217 where it hasn't
been initialised yet... The resulting junk causes the sprintf on line 
231 to overflow its buffer.

Tony

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
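
An added illustration of the failure mode described in the message above (not OpenSSL's code or its fix): the wrapper reports a gmtime() failure instead of handing back the caller's untouched buffer, and the formatter checks for that and bounds its output. The names `checked_gmtime`, `format_gentime` and `GENTIME_LEN` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define GENTIME_LEN 16  /* "YYYYMMDDHHMMSSZ" plus NUL (assumed layout) */

/* Hypothetical wrapper: unlike the snippet quoted in the message, it
 * returns NULL when gmtime() fails, so 'result' is never used unset. */
static struct tm *checked_gmtime(const time_t *timer, struct tm *result)
{
    struct tm *ts = gmtime(timer);
    if (ts == NULL)
        return NULL;
    memcpy(result, ts, sizeof(*result));
    return result;
}

/* Hypothetical formatter: writes t as YYYYMMDDHHMMSSZ into out.
 * Returns the string length, or -1 if t cannot be represented. */
int format_gentime(time_t t, char *out, size_t outlen)
{
    struct tm data;
    struct tm *ts = checked_gmtime(&t, &data);
    int n;

    if (ts == NULL)
        return -1;                      /* conversion failed */
    /* Reject years that do not fit the four-digit field. */
    if (ts->tm_year < -1900 || ts->tm_year > 9999 - 1900)
        return -1;
    n = snprintf(out, outlen, "%04d%02d%02d%02d%02d%02dZ",
                 ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday,
                 ts->tm_hour, ts->tm_min, ts->tm_sec);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* would not fit: fail, never overflow */
    return n;
}

int main(void)
{
    char buf[GENTIME_LEN];
    time_t epoch = 0;                   /* constructed sample input */

    if (format_gentime(epoch, buf, sizeof buf) > 0)
        printf("%s\n", buf);
    return 0;
}
```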
