mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix of prefix bio filter (bf_prefix.c): rely on the given length

Browse Source 
The assumption that the received buffer has to be NUL-terminated was
faulty.

Fault found in #5224

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5239)
This commit is contained in:
Richard Levitte 2018-02-01 21:28:59 +01:00
parent f345b1f39d
commit 03cb2cc9e5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/bf_prefix.c
View File

@ -96,7 +96,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
*numwritten = 0; *numwritten = 0;
while (*out != '\0') { while (outl > 0) {
size_t i; size_t i;
char c; char c;
@ -111,7 +111,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
} }
/* Now, go look for the next LF, or the end of the string */ /* Now, go look for the next LF, or the end of the string */
for (i = 0; (c = out[i]) != '\n' && c != '\0'; i++) for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
continue; continue;
if (c == '\n') if (c == '\n')
i++; i++;
@ -123,6 +123,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
if (!BIO_write_ex(BIO_next(b), out, i, &num)) if (!BIO_write_ex(BIO_next(b), out, i, &num))
return 0; return 0;
out += num; out += num;
outl -= num;
*numwritten += num; *numwritten += num;
i -= num; i -= num;
} }