Stephen Henson via RT wrote:
> > > > Have you tried this in OpenSSL 0.9.7a?
> I should have mentioned... this is with OpenSSL 0.9.7a.

See o_time.c line 82:

    ts = gmtime(timer);
    if (ts != NULL)
        memcpy(result, ts, sizeof(struct tm));
    ts = result;

Essentially, 'result' is left uninitialised if ts==NULL. The result buffer was passed in from a_gentm.c line 217 where it hasn't been initialised yet... The resulting junk causes the sprintf on line 231 to overflow its buffer.

Tony
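
An added illustration of the failure mode described in the message above, written for this page and not taken from OpenSSL or from the original post: the conversion reports a failed gmtime() instead of returning an unwritten buffer, and the formatter range-checks every field and uses a bounded snprintf. The function names, the 16-byte buffer and the GeneralizedTime format string are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define GENTIME_LEN 16  /* "YYYYMMDDHHMMSSZ" plus NUL (assumed size) */

/* Hypothetical wrapper: unlike the snippet quoted above, a NULL from
 * gmtime() is propagated, so the caller never sees an unwritten buffer. */
static struct tm *checked_gmtime(const time_t *timer, struct tm *result)
{
    struct tm *ts = gmtime(timer);
    if (ts == NULL)
        return NULL;
    memcpy(result, ts, sizeof(struct tm));
    return result;
}

/* Format a struct tm as GeneralizedTime text. Returns 0 on success and
 * -1 if any field is out of range or the output would not fit in buf. */
static int format_gentime(const struct tm *ts, char *buf, size_t len)
{
    int n;
    if (ts == NULL || buf == NULL)
        return -1;
    /* Junk field values are what make an unbounded sprintf overrun, so
     * reject them before any formatting happens. */
    if (ts->tm_year < -1900 || ts->tm_year > 8099 ||
        ts->tm_mon < 0 || ts->tm_mon > 11 ||
        ts->tm_mday < 1 || ts->tm_mday > 31 ||
        ts->tm_hour < 0 || ts->tm_hour > 23 ||
        ts->tm_min < 0 || ts->tm_min > 59 ||
        ts->tm_sec < 0 || ts->tm_sec > 60)
        return -1;
    n = snprintf(buf, len, "%04d%02d%02d%02d%02d%02dZ",
                 ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday,
                 ts->tm_hour, ts->tm_min, ts->tm_sec);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Full path from time_t to text, failing closed at either step. */
static int gentime_from_time_t(time_t t, char *buf, size_t len)
{
    struct tm data;
    struct tm *ts = checked_gmtime(&t, &data);
    return ts == NULL ? -1 : format_gentime(ts, buf, len);
}
```
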