Build Update for openssl/openssl ------------------------------------- Build: #6435 Status: Still Failing
Duration: 18 minutes and 33 seconds Commit: 02a0231 (OpenSSL_1_0_2-stable) Author: Matt Caswell Message: Ensure we handle len == 0 in ERR_err_string_n If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by: Richard Levitte <[email protected]> (cherry picked from commit e5c1361580d8de79682958b04a5f0d262e680f8b) View the changeset: https://github.com/openssl/openssl/compare/6d69dc56de8f...02a02319ea6c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/167857899 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
