Skip to content
Commit efee575a authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix off-by-one in BN_rand



If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
parent 7cc18d81
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment