diff options
author | Matt Caswell <matt@openssl.org> | 2016-06-03 15:53:54 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-06-03 20:29:04 +0100 |
commit | 416a5b6c92f9f7a664c34a96e63f50c38b7e3291 (patch) | |
tree | da337cf02477aa69d00e35b93c12a22e4857e331 /crypto | |
parent | 93879f8eedc38b45a30bbd0e7f5863ebfc6d3b86 (diff) | |
download | openssl-416a5b6c92f9f7a664c34a96e63f50c38b7e3291.tar.gz |
BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bio/b_print.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 1b70bac71b..6808cdc6de 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -363,9 +363,15 @@ _dopr(char **sbuffer, break; } } - *truncated = (currlen > *maxlen - 1); - if (*truncated) - currlen = *maxlen - 1; + /* + * We have to truncate if there is no dynamic buffer and we have filled the + * static buffer. + */ + if (buffer == NULL) { + *truncated = (currlen > *maxlen - 1); + if (*truncated) + currlen = *maxlen - 1; + } if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) return 0; *retlen = currlen - 1; |