CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/09 06:20:34
Modified files:
lib/libcrypto/cms: cms_pwri.c
Log message:
Avoid out-of-bounds read in CMS password-based decryption
The RFC 3211 PWRI integrity check when unwrapping the password-derived key
accesses seven bytes from a heap-allocated buffer. If an (invalid) block
cipher with short blocks is in use 2 * blocksize may not be sufficient room
for 7 bytes. In that silly case, the function performs an OOB read. Add
length check to avoid this situation
>From Igor Ustinov via OpenSSL.
