CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2021/09/23 09:49:48
Modified files:
lib/libcrypto/x509: x509_constraints.c
Log message:
Avoid a potential overread in x509_constraints_parse_mailbox()
The length checks need to be >= rather than > in order to ensure the string
remains NUL terminated. While here consistently check wi before using it
so we have the same idiom throughout this function.
Issue reported by GoldBinocle on GitHub.
ok deraadt@ tb@
