CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2024/02/15 03:34:30

Modified files:
        lib/libcrypto/bio: b_dump.c 

Log message:
BIO_dump*() avoid signed integer overflow

This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior.  With an indent of 64, as little as 26 MB is enough to make this
happen.

ok jsing
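
The failure mode described in the log message, as an added example (not the libcrypto code and not the committed fix): a byte counter returned as int that refuses to wrap instead of overflowing. The names dump_count and checked_add, and the cost of 80 output bytes per line, are assumptions made up for illustration, not the real BIO_dump line layout.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Add n to *total only if the sum still fits in an int.
 * The test is done before the addition, so no signed overflow ever occurs. */
static int checked_add(int *total, int n)
{
    if (n < 0 || *total > INT_MAX - n)
        return -1;
    *total += n;
    return 0;
}

/* Hypothetical model of a dump routine's return value: every output line
 * covers `width` input bytes and costs `line_bytes` bytes of output.
 * Returns the number of bytes that would be printed, or -1 if that
 * number cannot be represented in an int. */
int dump_count(size_t len, int width, int line_bytes)
{
    size_t lines, i;
    int total = 0;

    if (width <= 0 || line_bytes < 0)
        return -1;
    lines = len / (size_t)width + (len % (size_t)width != 0);
    for (i = 0; i < lines; i++) {
        if (checked_add(&total, line_bytes) == -1)
            return -1;          /* report an error instead of wrapping */
    }
    return total;
}

int main(void)
{
    /* Constructed inputs: one input byte per line, 80 output bytes per line. */
    printf("1 MiB  -> %d\n", dump_count((size_t)1 << 20, 1, 80));
    printf("27 MiB -> %d\n", dump_count((size_t)27 << 20, 1, 80));
    return 0;
}
```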
