git.ipfire.org Git - thirdparty/openssl.git/commit
Fix heap buffer overflow in BIO_f_linebuffer
author: Neil Horman <nhorman@openssl.org>
Wed, 7 Jan 2026 16:52:09 +0000 (11:52 -0500)
committer: Tomas Mraz <tomas@openssl.org>
Mon, 26 Jan 2026 19:42:50 +0000 (20:42 +0100)
commit: 475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6
tree: ccae3428d14a25f3ded320c72e62b11d33c996e4
parent: e0666f72294691a808443970b654412a6d92fa0f
Fix heap buffer overflow in BIO_f_linebuffer

When a BIO_f_linebuffer is part of a bio chain, and the next BIO
performs short writes, the remainder of the unwritten buffer is copied
unconditionally to the internal buffer ctx->obuf, which may not be
sufficiently sized to handle the remaining data, resulting in a buffer
overflow.

Fix it by only copying data when ctx->obuf has space, flushing to the
next BIO to increase available storage if needed.

Fixes openssl/srt#48

Fixes CVE-2025-68160

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:41:40 2026
(cherry picked from commit b21663c35a6f0ed4c8de06855bdc7a6a21f00c2f)
crypto/bio/bf_lbuf.c
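The bounded-copy behaviour the commit message describes, as a constructed C model added here for illustration. It is not OpenSSL's bf_lbuf.c: the `lbuf_ctx` layout, the 8-byte `obuf`, the `next_write` sink that performs short writes and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a line-buffering filter in front of a sink that may
 * perform short writes. Not OpenSSL's code; sizes and names are assumptions. */
#define OBUF_SIZE 8

typedef struct {
    char obuf[OBUF_SIZE];   /* bytes the sink has not accepted yet */
    size_t obuf_len;
    char sink[64];          /* stand-in for the next BIO in the chain */
    size_t sink_len;
    size_t max_write;       /* the sink accepts at most this many bytes per call */
} lbuf_ctx;

/* The next BIO: accepts at most max_write bytes, i.e. a short write. */
static size_t next_write(lbuf_ctx *ctx, const char *in, size_t len) {
    size_t n = len < ctx->max_write ? len : ctx->max_write;
    if (n > sizeof(ctx->sink) - ctx->sink_len) n = sizeof(ctx->sink) - ctx->sink_len;
    memcpy(ctx->sink + ctx->sink_len, in, n);
    ctx->sink_len += n;
    return n;
}

/* Push obuf to the sink until it is empty or the sink stops accepting. */
static void flush_obuf(lbuf_ctx *ctx) {
    size_t off = 0;
    while (off < ctx->obuf_len) {
        size_t n = next_write(ctx, ctx->obuf + off, ctx->obuf_len - off);
        if (n == 0) break;
        off += n;
    }
    memmove(ctx->obuf, ctx->obuf + off, ctx->obuf_len - off);
    ctx->obuf_len -= off;
}

/* Offer one line to the sink. What the sink does not take is kept in obuf, but
 * only as much as fits: flush first to make room, then copy up to the free
 * space. Copying the whole remainder unconditionally is the overflow to avoid.
 * Returns how many input bytes were consumed; the caller re-offers the rest. */
size_t lbuf_write_line(lbuf_ctx *ctx, const char *line, size_t len) {
    size_t written = 0, room, copy;
    flush_obuf(ctx);
    if (ctx->obuf_len == 0)                  /* nothing pending: try the sink directly */
        written = next_write(ctx, line, len);
    room = OBUF_SIZE - ctx->obuf_len;
    copy = (len - written) < room ? (len - written) : room;
    memcpy(ctx->obuf + ctx->obuf_len, line + written, copy);
    ctx->obuf_len += copy;
    return written + copy;
}

/* Drive a whole line through, re-offering whatever was not consumed. */
size_t lbuf_write_all(lbuf_ctx *ctx, const char *line, size_t len) {
    size_t done = 0;
    while (done < len) {
        size_t n = lbuf_write_line(ctx, line + done, len - done);
        if (n == 0) break;                   /* sink stalled and obuf is full */
        done += n;
    }
    flush_obuf(ctx);
    return done;
}
```

With a 3-byte short-writing sink, a 12-byte line is accepted in two rounds and obuf never holds more than its 8 bytes; with a sink that accepts nothing, the filter fills obuf and reports the remaining bytes as not consumed instead of writing past the buffer.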