diff options
| author | Matt Caswell <matt@openssl.org> | 2017-03-10 10:51:35 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-03-12 00:24:40 +0000 |
| commit | c2f9144e52a3168a6faca83839367b0adfedfc50 (patch) | |
| tree | 2cc341aa455be9be280c27e535af12d26b7bc4af /doc | |
| parent | a3b56f2f43b4f405a7023f055520075e327501bd (diff) | |
Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
(cherry picked from commit 8a585601fea1091022034dd14b961c1ecd5916c3)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apps/config.pod | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/apps/config.pod b/doc/apps/config.pod index a9cde8952a..76f282f28c 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -46,7 +46,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment variables can be substituted. It is also possible to assign values to environment variables by using the name B<ENV::name>, this will work if the program looks up environment variables using the B<CONF> library -instead of calling getenv() directly. +instead of calling getenv() directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. It is possible to escape certain characters by using any kind of quote or the B<\> character. By making the last character of a line a B<\> |