]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3c7214) | patch
Fix off-by-one in BN_rand
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:47:16 +0000 (23:47 +0100)
commite261cf5a2e3c12e9c6221a83a077c5523b85b979
tree867dfb1ac639070f8a2f486195f969fa470c0e49tree | snapshot
parentb3c721482b0fc54e09612f55309acade6b35a7d9commit | diff
Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/bn/bn.h diff | blob | history
crypto/bn/bn_err.c diff | blob | history
crypto/bn/bn_rand.c diff | blob | history
doc/crypto/BN_rand.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.