Re: [Openvpn-devel] [PATCH v2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

Arne Schwabe Tue, 22 Jan 2019 05:46:29 -0800

Am 22.01.19 um 14:41 schrieb Lev Stipakov:
> From: Lev Stipakov <l...@openvpn.net>
> 
> OpenSSL's version of crypto_pem_encode() uses PEM_write_bio()
> function to write PEM-encoded data to BIO object. That method doesn't
> add NUL termanator, unlike its mbedTLS counterpart mbedtls_pem_write_buffer().
> 
> The code which uses PEM data treats it as a string, so missing NUL
> terminator makes sanitizer to compain.
> 
> Fix by adding a NUL terminator.
> 
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
>  v2: use a dedivcated function to add a nul terminator
                 ^^^ :)


Acked-By: Arne Schwabe

Arne

signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

Reply via email to