Skip to content
Commit e261cf5a authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix off-by-one in BN_rand



If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
parent b3c72148
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment