author | Matt Caswell <matt@openssl.org> | 2016-07-01 11:58:05 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-07-01 19:23:29 +0100 |
commit | 1e16987fc18cce9420dd3b76326b8d25746fa258 (patch) | |
tree | 6f75e4d53d4e9fab2c5dce50b21998db6e77f398 /VMS | |
parent | 43cb309053ed3518bdd75dbf05ee96485ea57742 (diff) | |
download | openssl-1e16987fc18cce9420dd3b76326b8d25746fa258.tar.gz |
Avoid an overflow in constructing the ServerKeyExchange message

We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'VMS')
0 files changed, 0 insertions, 0 deletions
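
The length accounting described in the commit message, as an added example that is not OpenSSL's code and not part of this commit. All names (`ske_sig_size`, `ske_sig_size_short`, `ske_write`) are hypothetical, the sample bytes are constructed, and a bounds-checked writer stands in for the buffer handling so that the under-sized length is rejected instead of overrun.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounds-checked cursor: every write is checked against the space left. */
typedef struct { uint8_t *p; size_t left; } wr_t;

static int put(wr_t *w, const void *src, size_t n) {
    if (n > w->left) return 0;
    memcpy(w->p, src, n);
    w->p += n; w->left -= n;
    return 1;
}

/* Signed trailer: 2-byte signature algorithm (TLS 1.2 only),
 * 2-byte signature length, then the signature itself. */
size_t ske_sig_size(size_t siglen, int tls12) { return (tls12 ? 2u : 0u) + 2u + siglen; }

/* The flawed accounting from the commit message: both 2-byte fields forgotten. */
size_t ske_sig_size_short(size_t siglen) { return siglen; }

/* Writes params + trailer into buf; returns bytes written, 0 if cap is too small.
 * sigalg == NULL means a pre-TLS 1.2 message without the algorithm field. */
size_t ske_write(uint8_t *buf, size_t cap, const uint8_t *params, size_t plen,
                 const uint8_t *sigalg, const uint8_t *sig, size_t siglen) {
    wr_t w = { buf, cap };
    uint8_t len[2];
    if (siglen > 0xFFFF) return 0;
    len[0] = (uint8_t)(siglen >> 8); len[1] = (uint8_t)siglen;
    if (!put(&w, params, plen)) return 0;
    if (sigalg != NULL && !put(&w, sigalg, 2)) return 0;
    if (!put(&w, len, 2) || !put(&w, sig, siglen)) return 0;
    return cap - w.left;
}

int main(void) {
    uint8_t buf[128], params[10] = {0}, sig[64] = {0};  /* constructed sample data */
    const uint8_t alg[2] = {0x04, 0x01};                /* sha256 + rsa */
    size_t need = sizeof(params) + ske_sig_size(sizeof(sig), 1);
    size_t shrt = sizeof(params) + ske_sig_size_short(sizeof(sig));
    printf("need=%zu short=%zu\n", need, shrt);
    printf("write(short)=%zu write(need)=%zu\n",
           ske_write(buf, shrt, params, sizeof(params), alg, sig, sizeof(sig)),
           ske_write(buf, need, params, sizeof(params), alg, sig, sizeof(sig)));
    return 0;
}
```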