The openssl command line tool treats the non-null terminated buffer

"mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm
author: deraadt <deraadt@openbsd.org> 2010-04-20 23:01:28 +0000
committer: deraadt <deraadt@openbsd.org> 2010-04-20 23:01:28 +0000
commit: 87a7c11b706cf8c773cceaa0083e6e2c5a8068fc (patch)
tree: 4c5893c5a7a3791d3e7bd3cfc05c1b8329922a7a /lib/libssl/src
parent: Add bus_dma and oosiop(4), as found on the AV530 family. Tested on model 4605. (diff)
download: wireguard-openbsd-87a7c11b706cf8c773cceaa0083e6e2c5a8068fc.tar.xz
wireguard-openbsd-87a7c11b706cf8c773cceaa0083e6e2c5a8068fc.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 70e7254a919..5bbad0e1e60 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -1074,7 +1074,7 @@ SSL_set_tlsext_status_ids(con, ids);
 
 				if (starttls_proto)
 					{
-					BIO_printf(bio_err,"%s",mbuf);
+					BIO_write(bio_err, mbuf, mbuf_len);
 					/* We don't need to know any more */
 					starttls_proto = PROTO_OFF;
 					}
author	deraadt <deraadt@openbsd.org>	2010-04-20 23:01:28 +0000
committer	deraadt <deraadt@openbsd.org>	2010-04-20 23:01:28 +0000
commit	87a7c11b706cf8c773cceaa0083e6e2c5a8068fc (patch)
tree	4c5893c5a7a3791d3e7bd3cfc05c1b8329922a7a /lib/libssl/src
parent	Add bus_dma and oosiop(4), as found on the AV530 family. Tested on model 4605. (diff)
download	wireguard-openbsd-87a7c11b706cf8c773cceaa0083e6e2c5a8068fc.tar.xz wireguard-openbsd-87a7c11b706cf8c773cceaa0083e6e2c5a8068fc.zip