[FILE] <root>/crypto/bio/b_sock.c, line 288ff j=strlen(a->h_name)+1; if ((ret->h_name=Malloc(j)) == NULL) goto err; memcpy((char *)ret->h_name, a->h_name , j+1); [BUG] memory overrun (one byte at the end of ret->h_name) allocating "j" bytes but memcpy "j+1" bytes next line [FIX] dont add one byte, the terminating "0" is included! memcpy((char *)ret->h_name, a->h_name , j); Best regards, Ralf ============================================ Ralf Kunoth Application Development fun communications GmbH Brauerstrasse 6, D-76135 Karlsruhe, Germany fon: +49 721 96448-0, fax: +49 721 96448-22 http://www.fun.de, mailto:[EMAIL PROTECTED] I trust in http://www.keytrust.de ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
