Skip to content
Commit f3b555a6 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix off-by-one in BN_rand



If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
parent c0de854c
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment