CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/11/21 09:31:31

Modified files:
    lib/libcrypto/ec: eck_prn.c

Log message:
Fix a <= 5-byte buffer overwrite in print_bin()

If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elsewhere. The proper fix
will be to rewrite this function from scratch.

Reported in detail by Masaru Masuda, many thanks!

Fixes https://github.com/libressl/openbsd/issues/145

begrudging ok from beck