Fix out-of-memory condition in conf

conf has the ability to expand variables in config files. Repeatedly doing this can lead to an exponential increase in the amount of memory required. This places a limit on the length of a value that can result from an expansion. Credit to OSS-Fuzz for finding this problem. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2894)
author: Matt Caswell <matt@openssl.org> 2017-03-10 10:51:35 +0000
committer: Matt Caswell <matt@openssl.org> 2017-03-12 00:19:14 +0000
commit: 8a585601fea1091022034dd14b961c1ecd5916c3 (patch)
tree: 89aabb7a9041e1c7cd13a87265551adb6b469581 /doc/man5
parent: a3b0d466930ec45bc3ddf4c9e853d73d37783f44 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 24ebafb533..ba9a8ab174 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -44,7 +44,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment
 variables can be substituted. It is also possible to assign values to
 environment variables by using the name B<ENV::name>, this will work
 if the program looks up environment variables using the B<CONF> library
-instead of calling getenv() directly.
+instead of calling getenv() directly. The value string must not exceed 64k in
+length after variable expansion. Otherwise an error will occur.
 
 It is possible to escape certain characters by using any kind of quote
 or the B<\> character. By making the last character of a line a B<\>
author	Matt Caswell <matt@openssl.org>	2017-03-10 10:51:35 +0000
committer	Matt Caswell <matt@openssl.org>	2017-03-12 00:19:14 +0000
commit	8a585601fea1091022034dd14b961c1ecd5916c3 (patch)
tree	89aabb7a9041e1c7cd13a87265551adb6b469581 /doc/man5
parent	a3b0d466930ec45bc3ddf4c9e853d73d37783f44 (diff)