diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-10 10:51:35 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-12 00:19:14 +0000 |
commit | 8a585601fea1091022034dd14b961c1ecd5916c3 (patch) | |
tree | 89aabb7a9041e1c7cd13a87265551adb6b469581 /doc/man5 | |
parent | a3b0d466930ec45bc3ddf4c9e853d73d37783f44 (diff) |
Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
Diffstat (limited to 'doc/man5')
-rw-r--r-- | doc/man5/config.pod | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 24ebafb533..ba9a8ab174 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -44,7 +44,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment variables can be substituted. It is also possible to assign values to environment variables by using the name B<ENV::name>, this will work if the program looks up environment variables using the B<CONF> library -instead of calling getenv() directly. +instead of calling getenv() directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. It is possible to escape certain characters by using any kind of quote or the B<\> character. By making the last character of a line a B<\> |