CVSROOT: /cvs Module name: src Changes by: [email protected] 2020/09/12 09:24:39
Modified files:
lib/libcrypto/bn: bn_rand.c
Log message:
Avoid an out-of-bounds access in BN_rand()
If BN_rand() is called with top > 0 and bits == 1, it would allocate
a buf[] of size 1 and set the top bit of buf[1].
Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while
looking for something else.
ok beck djm inoguchi
