Skip to content
Commit 02a02319 authored by Matt Caswell's avatar Matt Caswell
Browse files

Ensure we handle len == 0 in ERR_err_string_n

If len == 0 in a call to ERR_error_string_n() then we can read beyond the
end of the buffer. Really applications should not be calling this function
with len == 0, but we shouldn't be letting it through either!

Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on
this issue is available here:
https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(cherry picked from commit e5c13615)
parent 6d69dc56
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment