CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/03/12 05:49:02
Modified files: lib/libcrypto/asn1: a_print.c Log message: Avoid an 1 byte out-of-bounds read in ASN1_PRINTABLE_type() In case the input is not NUL terminated, the reversed check for length and terminating NUL results in a one-byte overread. The documentation says that the input should be a string, but in ASN.1 land you never know... Reported by Guido Vranken a while back ok beck