openssl/crypto/ui
erbsland-dev 5387b71acb Fix Edge Cases in Password Callback Handling
Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.

Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
2024-09-09 08:58:03 +02:00
..
build.info
ui_err.c Update copyright year 2021-06-17 13:24:59 +01:00
ui_lib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ui_local.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ui_null.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ui_openssl.c Update copyright year 2022-05-03 13:34:51 +01:00
ui_util.c Fix Edge Cases in Password Callback Handling 2024-09-09 08:58:03 +02:00