CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/05/23 03:02:02
Modified files:
usr.bin/openssl: s_server.c
Log message:
Avoid an out-of-bounds array access in the s_server.
It can be triggered by sending a line to stdin while no connection
is open and then connecting a client. The first SSL_write() fails,
sends SSL_ERROR_WANT_* and then causes a segfault deep down in the
tls stack when accessing &(buf[-1]).
ok beck inoguchi
