[EMAIL PROTECTED] - Wed Mar 12 00:13:24 2003]: > Stephen Henson via RT wrote: > > > > > > > > Have you tried this in OpenSSL 0.9.7a? > > > I should have mentioned... this is with OpenSSL 0.9.7a. > > See o_time.c line 82: > > ts = gmtime(timer); > if (ts != NULL) > memcpy(result, ts, sizeof(struct tm)); > ts = result; > > Essentially, 'result' is left ininitialised if ts==NULL. > > The result buffer was passed in from a_gentm.c line 217 where it hasn't > been initialised yet... The resulting junk causes the sprintf on line > 231 to overflow its buffer. > > Tony >
OK, I see the problem now. I'll commit a fix. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
