From: Pauli
Date: Wed, 4 Jun 2025 23:50:34 +0000 (+1000)
Subject: rand: fix memory overrun bug
X-Git-Tag: openssl-3.5.1~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7057b1d46aea1effc26723ed29c112ca8b5f1fbf;p=thirdparty%2Fopenssl.git
rand: fix memory overrun bug
Reviewed-by: Tom Cosgrove
Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/27766)
(cherry picked from commit da585e214cf98468e28f4c12ec96ecc7a6192746)
---
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index dc533916656..aa407806fbb 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -158,7 +158,7 @@ static int test_rng_reseed(ossl_unused void *vtest,
 
 static size_t test_rng_nonce(void *vtest, unsigned char *out,
 unsigned int strength, size_t min_noncelen,
- ossl_unused size_t max_noncelen)
+ size_t max_noncelen)
 {
 PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 size_t i;
@@ -174,9 +174,10 @@ static size_t test_rng_nonce(void *vtest, unsigned char *out,
 if (t->nonce == NULL)
 return 0;
 
+ i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;
 if (out != NULL)
- memcpy(out, t->nonce, t->nonce_len);
- return t->nonce_len;
+ memcpy(out, t->nonce, i);
+ return i;
 }
 
 static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
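Review bot: The clamp added in the second hunk, `i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;`, silently truncates a configured test nonce that is longer than the caller's buffer, and nothing in the visible lines says so. On this path the returned length is also never compared with `min_noncelen`, so a configured nonce shorter than the minimum appears to be returned as is; the lines between the two hunks are not shown and may already cover that. I would document the contract above the clamp, e.g. `/* Bound the copy by the caller's buffer: a longer configured nonce is truncated to max_noncelen, not rejected */`. Separately, `i` reads as a loop index, so a dedicated `size_t len` for the clamped length would make the `memcpy` bound easier to audit.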