CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2026/06/09 06:29:47

Modified files:
        lib/libcrypto/asn1: a_mbstr.c 

Log message:
Add some missing bounds checks to ASN1_mbstring_copy()

If the in string is unreasonably long, assigning strlen(in) to an int
may overflow, so exclude this situation.

Moreover, the code would unconditionally multiply nchar by 2 or 4,
which could again overflow an int. Check for this situation and error
out to avoid an out of bounds write.

More may be needed in here, which will be revisited later.

Based on a diff by Viktor Dukhovni via OpenSSL.
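
The two checks the log message describes, as an added sketch that is not the code from a_mbstr.c or from the OpenSSL diff. The function names and the `width` parameter (bytes per output character) are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not functions from a_mbstr.c. */

/*
 * "Before" shape: multiply the character count by the output width
 * (2 or 4 bytes per character) with no bound. Unsigned arithmetic is
 * used so the wrap is defined; with int it is undefined behaviour.
 */
unsigned int
unchecked_outlen(unsigned int nchar, unsigned int width)
{
	return nchar * width;
}

/*
 * "After" shape: reject lengths that do not fit in an int, then reject
 * counts whose product with width would exceed INT_MAX.
 * Returns 0 and stores the byte count in *outlen, or -1 on error.
 */
int
checked_outlen(size_t inlen, int width, int *outlen)
{
	int nchar;

	if (width != 1 && width != 2 && width != 4)
		return -1;
	if (inlen > (size_t)INT_MAX)	/* strlen(in) would not fit in an int */
		return -1;
	nchar = (int)inlen;
	if (nchar > INT_MAX / width)	/* nchar * width would overflow */
		return -1;
	*outlen = nchar * width;
	return 0;
}

int
main(void)
{
	unsigned int nchar = UINT_MAX / 4 + 2;	/* constructed sample count */
	int outlen = 0;

	/* The wrapped size is tiny compared with the data to be written. */
	printf("unchecked: %u chars -> %u bytes\n", nchar,
	    unchecked_outlen(nchar, 4));
	printf("checked:   %d\n", checked_outlen(nchar, 4, &outlen));
	return 0;
}
```

A buffer sized from the wrapped value is far smaller than the converted string, which is the out of bounds write the second check prevents.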