root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

use_proxy(): Add missing terminating NUL byte 

Fixes CVE-2025-9232

There is a missing terminating NUL byte after strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Tomas Mraz 2025-09-11 18:43:55 +02:00
parent 56c89cd2de
commit 6bca15039e
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/http/http_lib.c
View File

@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server)
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
host[sl] = '\0';
server = host;
}