root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/crypto/pem
History
erbsland-dev 623b7761c7 Fix Edge Cases in Password Callback Handling 
Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.

Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)

(cherry picked from commit 5387b71acb)
 		2024-09-09 09:04:30 +02:00
..
build.info
pem_all.c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY 2021-02-17 15:26:12 +01:00
pem_err.c err: rename err_load_xxx_strings_int functions 2021-05-26 13:01:47 +10:00
pem_info.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
pem_lib.c Update copyright year 2023-03-14 12:49:46 +00:00
pem_local.h Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 2021-06-09 17:00:10 +02:00
pem_oth.c Update copyright year 2020-11-26 14:18:57 +00:00
pem_pk8.c Fix Edge Cases in Password Callback Handling 2024-09-09 09:04:30 +02:00
pem_pkey.c Copyright year updates 2023-09-19 14:57:48 +02:00
pem_sign.c Update copyright year 2021-06-17 13:24:59 +01:00
pem_x509.c Following the license change, modify the boilerplates in crypto/pem/ 2018-12-06 15:09:09 +01:00
pem_xaux.c Following the license change, modify the boilerplates in crypto/pem/ 2018-12-06 15:09:09 +01:00
pvkfmt.c add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), 2021-10-27 08:38:30 +10:00