提交 03cb2cc9 编写于 作者: R Richard Levitte

Fix of prefix bio filter (bf_prefix.c): rely on the given length

The assumption that the received buffer has to be NUL-terminated was
faulty.

Fault found in #5224
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5239)
上级 f345b1f3
......@@ -96,7 +96,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
*numwritten = 0;
while (*out != '\0') {
while (outl > 0) {
size_t i;
char c;
......@@ -111,7 +111,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
}
/* Now, go look for the next LF, or the end of the string */
for (i = 0; (c = out[i]) != '\n' && c != '\0'; i++)
for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
continue;
if (c == '\n')
i++;
......@@ -123,6 +123,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl,
if (!BIO_write_ex(BIO_next(b), out, i, &num))
return 0;
out += num;
outl -= num;
*numwritten += num;
i -= num;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册