CVSROOT: /cvs Module name: src Changes by: [email protected] 2023/03/12 05:49:02
Modified files:
lib/libcrypto/asn1: a_print.c
Log message:
Avoid an 1 byte out-of-bounds read in ASN1_PRINTABLE_type()
In case the input is not NUL terminated, the reversed check for length
and terminating NUL results in a one-byte overread. The documentation
says that the input should be a string, but in ASN.1 land you never
know...
Reported by Guido Vranken a while back
ok beck
