CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2023/01/13 07:46:08

Modified files:
	lib/libcrypto/asn1: a_bitstr.c

Log message:
Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRING

If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in
a->data, this old code would end up reading from a->data[-1]. This may
or may not crash.

Luckily, anton observed two openssl-ruby regress test failures in the
last few days, which could eventually be traced back to this (after a
lot of painful digging due to coredumps not working properly).

ok jsing
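
The all-zero case from the log message above, as an added example that is not the libcrypto code or the committed fix. It assumes the read comes from a backward scan for the last non-zero byte followed by an index of `len - 1`; the function names and sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs. */
static const unsigned char ALL_ZERO[3] = { 0x00, 0x00, 0x00 };
static const unsigned char MIXED[3] = { 0xff, 0x50, 0x00 };

/* Index an unguarded "last non-zero byte" lookup would dereference after
 * skipping trailing zero bytes. Only the index is returned; nothing before
 * the start of the buffer is read here. */
static int last_index_unguarded(const unsigned char *data, int len)
{
    while (len > 0 && data[len - 1] == 0)
        len--;
    return len - 1;             /* -1 when every byte is zero */
}

/* Guarded variant: returns the length with trailing zero bytes removed and
 * stores the number of unused (zero) low bits of the final byte. Empty or
 * all-zero input yields length 0 and 0 unused bits. */
static int trim_bit_string(const unsigned char *data, int len, int *unused_bits)
{
    unsigned char last;
    int bits = 0;

    *unused_bits = 0;
    if (data == NULL || len <= 0)
        return 0;
    while (len > 0 && data[len - 1] == 0)
        len--;
    if (len == 0)               /* the case the log message describes */
        return 0;
    last = data[len - 1];       /* safe: len >= 1 and last != 0 */
    while ((last & 1) == 0) {
        last >>= 1;
        bits++;
    }
    *unused_bits = bits;
    return len;
}

int main(void)
{
    int bits, len;

    printf("unguarded index, all-zero input: %d\n",
        last_index_unguarded(ALL_ZERO, 3));
    len = trim_bit_string(ALL_ZERO, 3, &bits);
    printf("all-zero: len=%d unused=%d\n", len, bits);
    len = trim_bit_string(MIXED, 3, &bits);
    printf("mixed:    len=%d unused=%d\n", len, bits);
    return 0;
}
```

Building a regress test with AddressSanitizer around an all-zero buffer makes this class of read fail deterministically instead of "may or may not crash".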