CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2026/04/15 23:16:48

Modified files:
        lib/libtls     : tls_keypair.c tls_signer.c 

Log message:
libtls: add missing length checks before BIO_new_mem_buf()

Like all proper libcrypto APIs, BIO_new_mem_buf() takes an int as a length
argument. Check the size_t passed in to be at most INT_MAX to avoid issues
with truncation and overflow like it's done everywhere else. After release
this should probably be clamped down further since legitimate files (certs
and keys) are nowhere near this large.

Prompted by a diff by Michael Forney

ok jsing
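
The check the log message describes, as an added example that is not part of the commit or of libtls. consumer_int_len() is a hypothetical stand-in for an API that takes its length as an int, the way BIO_new_mem_buf() does; load_mem_checked() and low_bits() are also names assumed here, and the sample buffer is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an int-length API. Returns the number of bytes
 * it would treat as readable, or -1 if it rejects the length. */
static long consumer_int_len(const void *buf, int len)
{
	(void)buf;
	return len < 0 ? -1 : (long)len;
}

/* Guarded caller: refuse any size_t that does not fit in an int, so the
 * cast below can never change the value. */
static long load_mem_checked(const void *buf, size_t len)
{
	if (len > INT_MAX)
		return -1;
	return consumer_int_len(buf, (int)len);
}

/* Low bits that survive narrowing to unsigned int width. This conversion is
 * well defined (modulo UINT_MAX + 1) and shows how a huge size_t can look
 * like a small length once it is squeezed into a narrower type. */
static unsigned int low_bits(size_t len)
{
	return (unsigned int)len;
}

int main(void)
{
	static const char pem[] = "constructed sample bytes";
	size_t sizes[] = {
		sizeof(pem) - 1,          /* ordinary small input */
		(size_t)INT_MAX,          /* largest accepted length */
		(size_t)INT_MAX + 1,      /* first rejected length */
		(size_t)UINT_MAX + 17,    /* low bits read as 16 */
	};

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("len=%zu low_bits=%u checked=%ld\n", sizes[i],
		    low_bits(sizes[i]), load_mem_checked(pem, sizes[i]));
	return 0;
}
```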
