abc7a266a3
The static function dynamically allocates an output buffer if the output
grows larger than the static buffer that is normally used. The original
logic implied that |currlen| could be greater than |maxlen| which is
incorrect (and if so would cause a buffer overrun). Also the original
logic would call OPENSSL_malloc to create a dynamic buffer equal to the
size of the static buffer, and then immediately call OPENSSL_realloc to
make it bigger, rather than just creating a buffer that was big enough in
the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
| File |
|---|
| .cvsignore |
| b_dump.c |
| b_print.c |
| b_sock.c |
| bf_buff.c |
| bf_lbuf.c |
| bf_nbio.c |
| bf_null.c |
| bio_cb.c |
| bio_err.c |
| bio_lcl.h |
| bio_lib.c |
| bio.h |
| bss_acpt.c |
| bss_bio.c |
| bss_conn.c |
| bss_dgram.c |
| bss_fd.c |
| bss_file.c |
| bss_log.c |
| bss_mem.c |
| bss_null.c |
| bss_rtcp.c |
| bss_sock.c |
| Makefile |