[Pkg-openssl-devel] Re: [jaenicke@openssl.org: Re: Potential
security hole in openssl]
Richard Levitte - VMS Whacker
levitte at openssl.org
Sat Mar 3 07:13:44 CET 2007
In message <20070302074259.GB7943 at burnside> on Fri, 2 Mar 2007 07:42:59 +0000, Julian Gilbey <jdg at polya.uklinux.net> said:
jdg> The patch by Kurt is attached.
Please tell Kurt there's a small bug in his patch. He should
malloc(strlen(buf)), or dstr will not have space for the ending \0.
Incidentally, the last argument to strlcpy() should be strlen(buf) (not
strlen(buf)-1) as well.
jdg> --- io.c.old 2007-02-25 18:02:48.000000000 +0100
jdg> +++ io.c 2007-03-01 23:15:53.000000000 +0100
jdg> @@ -61,7 +61,7 @@
jdg>
jdg> if( args_info.verbose_flag )
jdg> {
jdg> - char * dstr = malloc(sizeof(buf-1) );
jdg> + char * dstr = malloc(strlen(buf) -1 );
jdg> strlcpy( dstr, buf, strlen(buf) -1 );
jdg> if (strcmp(dstr, ""))
jdg> message( "<- %s\n", dstr );
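Review bot: On the added line `char * dstr = malloc(strlen(buf) -1 );`, the expression `strlen(buf) -1` is evaluated in size_t, so an empty `buf` makes it wrap to SIZE_MAX, and the same expression is then passed as the size argument of `strlcpy()` on the next context line; the `malloc()` result is also used without a NULL check. Suggest computing the length once into a `size_t` variable, skipping the copy when it is 0, deriving both the allocation size and the `strlcpy()` size from that one variable so the two cannot drift apart, and returning early if `malloc()` yields NULL. The removed `sizeof(buf-1)` measured a pointer rather than the string, so switching to `strlen()` is the right direction; it is the arithmetic around it that still needs guarding.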
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/