[guest - Mon Apr 18 16:32:12 2005]:
> ---- stack.c.patch {
> --- stack.c.orig Mon Apr 18 09:49:02 2005
> +++ stack.c Mon Apr 18 14:06:14 2005
> @@ -172,6 +172,7 @@
> st->data[loc]=data;
> }
> st->num++;
> + st->data[st->num]=NULL;
> st->sorted=0;
> return(st->num);
> }
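Review bot: The added `st->data[st->num]=NULL;` store runs after `st->num++`, so it writes one slot past the last live element, and nothing in the visible lines shows that this slot is allocated. Confirm that the growth check earlier in this function reserves room for num+1 entries, or grow the array before the store. The terminator is also an undocumented invariant that every other function changing st->num would have to maintain; a comment stating that, or an index check against st->num in the accessor, would make the intent explicit.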
> ---- } stack.c.patch
I don't see any promises that the data on the stack should be
NULL terminated, just that the accessors should return NULL
for out-of-bound access.
Therefore, I think that sk_value() should bounds check the
index against st->num.
E.g. the attached patch
[EMAIL PROTECTED] (please Cc me on replies)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
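The accessor-side check discussed in the reply above, as an added example that is not the attached patch or OpenSSL code: a miniature pointer stack whose field names `data` and `num` follow the quoted hunk, while `demo_stack`, `num_alloc` and the `demo_*` functions are hypothetical. It shows a walk-until-NULL caller stopping correctly without a terminator, even with a stale pointer left behind by a pop.

```c
#include <stdlib.h>

/* Hypothetical miniature stack; only data/num mirror the quoted hunk. */
typedef struct {
    char **data;    /* slots; contents at index >= num are unspecified */
    int num;        /* number of live entries */
    int num_alloc;  /* number of allocated slots */
} demo_stack;

static int demo_push(demo_stack *st, char *p)
{
    if (st->num == st->num_alloc) {
        int n = st->num_alloc ? st->num_alloc * 2 : 4;
        char **d = realloc(st->data, sizeof(*d) * (size_t)n);
        if (d == NULL)
            return 0;
        st->data = d;
        st->num_alloc = n;
    }
    st->data[st->num++] = p;    /* no NULL terminator is written */
    return st->num;
}

/* Pop leaves the old pointer in the vacated slot (a stale entry). */
static char *demo_pop(demo_stack *st)
{
    return st->num > 0 ? st->data[--st->num] : NULL;
}

/* Accessor that checks the index against num before touching data. */
static char *demo_value(const demo_stack *st, int i)
{
    if (st == NULL || i < 0 || i >= st->num)
        return NULL;
    return st->data[i];
}

/* Caller idiom: walk until the accessor returns NULL. */
static int demo_count(const demo_stack *st)
{
    int i = 0;
    while (demo_value(st, i) != NULL)
        i++;
    return i;
}

int main(void)
{
    demo_stack st = {0};
    char a[] = "a", b[] = "b";
    demo_push(&st, a);
    demo_push(&st, b);
    demo_pop(&st);                  /* data[1] still holds b */
    int ok = demo_count(&st) == 1;  /* walk stops at num */
    free(st.data);
    return ok ? 0 : 1;
}
```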