This ticket only applies to master
What is the intended behavior when b or blen is NULL?
All I see is that ret is set to 1 and the function continues.
These issues are both related to the above question.
First issue
When !neg and b == NULL the following operation is performed, likely
resulting in undefined behavior:
line 164: memcpy(p, b, blen);
memcpy with the b (src) NULL.
Second issue
When b == NULL and n == b, n is decremented while it is NULL likely
resulting in undefined behavior:
line 167: n = b + blen - 1;
line 171:
    while (!*n && i > 1) {
        *(p--) = 0;
        n--;
        i--;
    }
--
Kurt Cancemi
https://www.x64architecture.com
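
The two hazards named in this report, shown with guards, as an added example that is not OpenSSL's code and not part of the original message. The helper names `checked_copy` and `trailing_zero_run` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy blen bytes from b to p.
 * A NULL source is accepted only together with blen == 0, and memcpy is
 * never reached with a NULL pointer (C11 7.24.1p2 requires valid pointers
 * even for a zero-length copy). Returns 1 on success, 0 on bad arguments. */
static int checked_copy(unsigned char *p, const unsigned char *b, size_t blen)
{
    if (blen == 0)
        return 1;               /* nothing to copy */
    if (p == NULL || b == NULL)
        return 0;               /* reject instead of continuing with ret = 1 */
    memcpy(p, b, blen);
    return 1;
}

/* Hypothetical helper: count trailing zero bytes while always leaving at
 * least one byte unscanned, like the "i > 1" bound in the quoted loop.
 * It indexes from the start of the buffer, so no pointer is ever derived
 * from NULL or decremented below b. */
static size_t trailing_zero_run(const unsigned char *b, size_t blen)
{
    size_t i = blen, zeros = 0;

    if (b == NULL || blen == 0)
        return 0;
    while (i > 1 && b[i - 1] == 0) {   /* bound is checked before the read */
        zeros++;
        i--;
    }
    return zeros;
}

int main(void)
{
    const unsigned char in[4] = {0x01, 0x80, 0x00, 0x00}; /* constructed input */
    unsigned char out[4] = {0};

    printf("copy NULL,0 -> %d\n", checked_copy(out, NULL, 0));
    printf("copy NULL,4 -> %d\n", checked_copy(out, NULL, 4));
    printf("copy in,4   -> %d\n", checked_copy(out, in, sizeof(in)));
    printf("zeros(in)   -> %zu\n", trailing_zero_run(in, sizeof(in)));
    printf("zeros(NULL) -> %zu\n", trailing_zero_run(NULL, 5));
    return 0;
}
```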