In the BIO_debug_callback function, we call BIO_snprintf which could return -1 in the case of an error. However, there is no check for this condition, and so the subsequent code would subtract one from buf and write data there, overwriting the byte immediately before the static buffer.
This patch fixes the problem by checking for a negative return code from the first BIO_snprintf.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4649
Please log in as guest with password guest if prompted
Attachment: BIO_debug_callback.patch (binary data)
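The unchecked-return pattern described in the message, next to a checked form, as an added example that is not the attached patch or OpenSSL code. `fmt_prefix`, `struct frame` and the canary byte are hypothetical stand-ins; the canary sits directly before the buffer so the effect of a -1 offset can be observed without leaving the object.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a BIO_snprintf-style formatter: returns the
 * number of characters written, or -1 on error or truncation. */
static int fmt_prefix(char *dst, size_t n, void *obj, int force_error)
{
    int r;
    if (force_error)
        return -1;                          /* simulated failure */
    r = snprintf(dst, n, "BIO[%p]: ", obj);
    return (r < 0 || (size_t)r >= n) ? -1 : r;
}

/* Constructed layout: one canary byte immediately before the buffer. */
struct frame { char canary; char buf[64]; };

/* Unchecked: the return value is used as an offset as-is, so -1
 * selects the byte just before buf (here, the canary). */
static void append_unchecked(struct frame *f, int force_error)
{
    char *base = (char *)f;
    int len = fmt_prefix(f->buf, sizeof f->buf, f, force_error);
    ptrdiff_t off = (ptrdiff_t)offsetof(struct frame, buf) + len;
    base[off] = 'X';
}

/* Checked: a negative return never reaches the pointer arithmetic. */
static int append_checked(struct frame *f, int force_error)
{
    int len = fmt_prefix(f->buf, sizeof f->buf, f, force_error);
    if (len < 0) {
        f->buf[0] = '\0';                   /* leave an empty string */
        return -1;
    }
    snprintf(f->buf + len, sizeof f->buf - (size_t)len, "X");
    return 0;
}

/* Returns 1 if the byte before the buffer is unchanged afterwards. */
static int canary_survives(int checked, int force_error)
{
    struct frame f = { 'C', "" };
    if (checked)
        (void)append_checked(&f, force_error);
    else
        append_unchecked(&f, force_error);
    return f.canary == 'C';
}
```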