forked from openssl/openssl
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Avoid potential OOB if width > sizeof(start)
This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH, but wasn't checked for previously. With this patch there still remains one (static) OOB, when the length of the option name and the valtype2param string for that argument overflow the buffer in opt_print. This is kinda unlikely, unless someone intentionally crafts a long option name, in which case this would become some trivial stack buffer overrun with possibility to overwrite pointer to the OPTIONS structure (a long o->name is critical here). I sincerely hope we trust our built-in documentation to not exploit ourselves. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#12265)
- Loading branch information
Showing
1 changed file
with
58 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters