From 8e205fc0bcd4533b91bd04c62a22d4d992a0e6da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2014 17:27:10 +0100 Subject: [PATCH] Fix potential buffer overflow in suported_curves_ext --- library/ssl_cli.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 76c943d96..62df85747 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -231,7 +231,7 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - unsigned char elliptic_curve_list[20]; + unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const ecp_curve_info *curve; ((void) ssl); @@ -260,8 +260,6 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl, *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); - memcpy( p, elliptic_curve_list, elliptic_curve_len ); - *olen = 6 + elliptic_curve_len; }