Fix off-by-one in BN_rand (f3b555a6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit f3b555a6 authored May 19, 2015 by

Matt Caswell

Fix off-by-one in BN_rand



If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

parent c0de854c

Hide whitespace changes

Inline Side-by-side

Please register or to comment