From 80d7075b8b4d178fb0dd94d708e51450cad4f44f Mon Sep 17 00:00:00 2001
From: Pauli
Date: Thu, 5 Jun 2025 09:50:34 +1000
Subject: [PATCH] rand: fix memory overrun bug
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Reviewed-by: Tom Cosgrove
Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/27766)
(cherry picked from commit da585e214cf98468e28f4c12ec96ecc7a6192746)
---
 providers/implementations/rands/test_rng.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index 57b36469caa..85cea02d267 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -157,7 +157,7 @@ static int test_rng_reseed(ossl_unused void *vtest,
 static size_t test_rng_nonce(void *vtest, unsigned char *out,
 unsigned int strength, size_t min_noncelen,
- ossl_unused size_t max_noncelen)
+ size_t max_noncelen)
 {
 PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 size_t i;
@@ -173,9 +173,10 @@ static size_t test_rng_nonce(void *vtest, unsigned char *out,
 if (t->nonce == NULL)
 return 0;
+ i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;
 if (out != NULL)
- memcpy(out, t->nonce, t->nonce_len);
- return t->nonce_len;
+ memcpy(out, t->nonce, i);
+ return i;
 }
 static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
--
2.47.2
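Review bot: The clamp added in the second hunk enforces only the upper bound, so `min_noncelen` is still unchecked and a configured nonce shorter than the caller's minimum is copied and its length returned as if it satisfied the request. Unless callers are expected to validate the returned length themselves (not visible here), a guard after the NULL check, `if (t->nonce_len < min_noncelen) return 0;`, would make the contract symmetric with the new `max_noncelen` clamp. If short nonces are deliberately allowed for this test provider, a one-line comment above the clamp stating that `min_noncelen` is intentionally not enforced would save the next reader the same question. The body of test_rng_nonce between the two hunks is outside the patch, so any existing lower-bound check there cannot be ruled out from the diff alone.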