]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 726b5e7) | patch
Fix off-by-one in BN_rand
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:45:33 +0000 (23:45 +0100)
commitb484b040e39e03efbc889a204f5fd2406d7b04b5
tree1ad052dd7de86dacaf2426c1b1ea1c50efe058fatree | snapshot
parent726b5e71329865d14e46e1eb96c986e3e373bbfdcommit | diff
Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/bn/bn.h diff | blob | history
crypto/bn/bn_err.c diff | blob | history
crypto/bn/bn_rand.c diff | blob | history
doc/crypto/BN_rand.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.