When parsing the configured TLS supported groups list, reallocation of the list
of "tuples" happened one element too late. The current tuple count is the
number of "closed" (completed) tuples; the currently active tuple occupies
one more slot, so we need space for `tuple count + 1` elements.
This is only an issue while parsing configurations (not attacker controlled),
and only if the group list somehow manages to contain 32 or distinct elements
(each in its own tuple, and even though OpenSSL does not implement that many
groups in typical builds).
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu Apr 16 17:17:38 2026
(Merged from https://github.com/openssl/openssl/pull/30838)
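
A minimal C model of the off-by-one described in the commit message above, added here as an illustration; it is not OpenSSL's code. The struct, the function names, the `/` and `:` list syntax and the 4-slot initial allocation are assumptions made for the example, and the model counts the out-of-bounds write instead of performing it.

```c
#include <stdlib.h>

#define INITIAL_SLOTS 4 /* assumption: kept small so the boundary is easy to reach */

/* Hypothetical model, not OpenSSL's structures. */
struct tuple_list {
    size_t *groups; /* groups[i] = number of groups in tuple i */
    size_t closed;  /* completed tuples; the active one lives at groups[closed] */
    size_t slots;   /* allocated elements */
};

/* Make room for the active tuple; late_check reproduces the off-by-one. */
static int reserve_active(struct tuple_list *tl, int late_check)
{
    size_t needed = late_check ? tl->closed : tl->closed + 1;
    size_t *p;

    if (needed <= tl->slots)
        return 1;
    p = realloc(tl->groups, 2 * tl->slots * sizeof(*p));
    if (p == NULL)
        return 0;
    tl->groups = p;
    tl->slots *= 2;
    return 1;
}

/* Count writes that would land past the allocation (-1 on allocation failure).
 * Constructed syntax: '/' closes a tuple, ':' separates groups within one. */
static long count_oob_writes(const char *list, int late_check)
{
    struct tuple_list tl = { NULL, 0, INITIAL_SLOTS };
    long oob = 0;
    int new_tuple = 1;

    if ((tl.groups = calloc(tl.slots, sizeof(*tl.groups))) == NULL)
        return -1;
    for (;; list++) {
        if (new_tuple) {
            if (!reserve_active(&tl, late_check)) { free(tl.groups); return -1; }
            if (tl.closed < tl.slots) tl.groups[tl.closed] = 1; /* first group */
            else oob++; /* the model skips the write that would overflow */
            new_tuple = 0;
        }
        if (*list == '\0') break;
        if (*list == ':' && tl.closed < tl.slots) tl.groups[tl.closed]++;
        if (*list == '/') { tl.closed++; new_tuple = 1; }
    }
    free(tl.groups);
    return oob;
}
```

With the late check, the write for the active tuple misses the allocation each time the number of closed tuples equals the allocated size; checking against `closed + 1` removes it.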