CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2018/08/14 11:51:36
Modified files:
lib/libcrypto/evp: evp_key.c
Log message:
The UI_add_{input,verify}_string() functions want a length not including
the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to
a one-byte buffer overrun in all callers of EVP_read_pw_string().
Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C.
Fix this by doing some basic sanity checking in EVP_read_pw_string_min().
Cap the len argument at BUFSIZ and ensure that min < len as well as
0 <= min and 1 <= len. The last two checks are important as these
numbers may end up in reallocarray().
ok bcook (on previous version), jsing, mestre
