artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8988417) | patch
BIO_dump*() avoid signed integer overflow
authortb <tb@openbsd.org>
Thu, 15 Feb 2024 10:34:30 +0000 (10:34 +0000)
committertb <tb@openbsd.org>
Thu, 15 Feb 2024 10:34:30 +0000 (10:34 +0000)
commit2bd5848b8d4f33f9030f5b12ef0f4d3bc548eefd
tree1822ce4b430b71954630507476ca05a5499320cdtree | snapshot
parent8988417b046ba4db6675c11f0c70d0221e1c1a56commit | diff
BIO_dump*() avoid signed integer overflow

This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior.  With an indent of 64, as little as 26 MB is enough to make this
happen.

ok jsing
lib/libcrypto/bio/b_dump.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim