document BIO_FLAGS_MEM_RDONLY

diff --git a/lib/libcrypto/man/BIO_s_mem.3 b/lib/libcrypto/man/BIO_s_mem.3
index f2522a8..4376321 100644 (file)
--- a/lib/libcrypto/man/BIO_s_mem.3
+++ b/lib/libcrypto/man/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_mem.3,v 1.15 2022/02/19 16:00:14 jsing Exp $
+.\" $OpenBSD: BIO_s_mem.3,v 1.16 2022/12/18 22:27:10 schwarze Exp $
 .\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000
 .\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 19 2022 $
+.Dd $Mdocdate: December 18 2022 $
 .Dt BIO_S_MEM 3
 .Os
 .Sh NAME
@@ -104,6 +104,10 @@ structure which is extended as appropriate to accommodate the stored data.
 Any data written to a memory BIO can be recalled by reading from it.
 Unless the memory BIO is read only,
 any data read from it is deleted from the BIO.
+To find out whether a memory BIO is read only,
+.Xr BIO_test_flags 3
+can be called with an argument of
+.Dv BIO_FLAGS_MEM_RDONLY .
 .Pp
 Memory BIOs support
 .Xr BIO_gets 3
@@ -262,6 +266,17 @@ first appeared in SSLeay 0.9.1 and have been available since
 .Fn BIO_new_mem_buf
 first appeared in OpenSSL 0.9.5 and has been available since
 .Ox 2.7 .
+.Sh CAVEATS
+Do not manually switch a writable memory BIO to read-only mode: calling
+.Xr BIO_set_flags 3
+with an argument of
+.Dv BIO_FLAGS_MEM_RDONLY
+will ultimately result in a memory leak when the BIO object is
+finally handed to
+.Xr BIO_free 3 .
+It might also cause security issues because it prevents
+.Xr BIO_reset 3
+from clearing the data.
 .Sh BUGS
 There should be an option to set the maximum size of a memory BIO.
 .Pp