CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2023/11/21 09:31:31

Modified files:
        lib/libcrypto/ec: eck_prn.c 

Log message:
Fix a <= 5-byte buffer overwrite in print_bin()

If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elsewhere. The proper fix
will be to rewrite this function from scratch.

Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145

begrudging ok from beck
