In file crypto/ec/eck_prn.c, if the function print_bin is called with len >= 15 
and off >= 124, we would eventually hit line 261:

memset( &(str[1]), ' ', off + 4 );

which would write >= 128 bytes into a 127-byte buffer.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4656
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
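
An added example, not part of the original report and not OpenSSL's code: a stand-alone C model of the newline-plus-indent write described above, with the pad length checked against the buffer before the memset runs. The helper names and the 128-byte size constant (inferred from the report's 127 bytes after str[0]) are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: str is 128 bytes, so 127 remain after str[0] (per the report). */
#define STR_SIZE 128
#define EXTRA_PAD 4 /* the "+ 4" in the reported memset */

/* Largest off for which memset(&str[1], ' ', off + 4) stays inside str. */
int max_safe_off(void)
{
    return STR_SIZE - 1 - EXTRA_PAD;
}

/* Hypothetical helper: write '\n' followed by off + 4 spaces into out.
 * Returns the number of bytes written, or 0 if the request does not fit
 * (negative off, or a pad larger than the space after out[0]). */
size_t build_indent_checked(char *out, size_t out_size, int off)
{
    size_t pad;

    if (off < 0 || out_size < 1)
        return 0;
    pad = (size_t)off + EXTRA_PAD;
    if (pad > out_size - 1)
        return 0;
    out[0] = '\n';
    memset(out + 1, ' ', pad);
    return pad + 1;
}

/* Constructed check: a guard byte sits directly after the buffer.
 * Returns 1 if it is untouched after a call with the given off. */
int guard_intact_after(int off)
{
    struct { char str[STR_SIZE]; unsigned char guard; } frame;

    frame.guard = 0xA5;
    (void)build_indent_checked(frame.str, sizeof(frame.str), off);
    return frame.guard == 0xA5;
}

int main(void)
{
    /* off = 124 is the first value the report flags; it must be refused. */
    return guard_intact_after(124) ? 0 : 1;
}
```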