CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/05/23 03:02:02
Modified files: usr.bin/openssl: s_server.c Log message: Avoid an out-of-bounds array access in the s_server. It can be triggered by sending a line to stdin while no connection is open and then connecting a client. The first SSL_write() fails, sends SSL_ERROR_WANT_* and then causes a segfault deep down in the tls stack when accessing &(buf[-1]). ok beck inoguchi