Wow, thanks for the thorough report. This was so broken that I had to go for a
pretty major rewrite. Please take a look at commits
3cdd1e94b1d71f2ce3002738f9506da91fe2af45 and
b785504a10310cb2872270eb409b70971be5e76e. (Also cherry-picked to 1.0.2 and
1.0.1.)
All your test cases now pass so I'm

Hi!
Looking at the CVE-2015-0292 fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9febee0272
the added (eof > v) check seems somewhat suspicious. While it prevents the
integer underflow that causes an out-of-bounds memcpy(), it still allows
some messing with output via proper number