On 06/06/2014 04:12 AM, Salz, Rich wrote:
> Does that mean this RCE is a heap based overflow?
> I/O buffers in openssl are generally (always?) from the heap, not on the stack.

The DTLS code uses on-stack buffers for discarding packets, but those
read calls are not affected by the present issue.
--
Florian Weimer / Red Hat Product Security Team
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org