diff options
author | Matt Caswell <matt@openssl.org> | 2016-09-21 11:20:18 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-22 23:12:38 +0100 |
commit | 4b0fc9fc7a8767f3e6289b2b9f4527db186b3566 (patch) | |
tree | a1f727298be9f459f2900f4a681b3e7eebc31a6c /ssl/packet.c | |
parent | f3b3d7f0033080f86ede5a53e8af2fb313091b5a (diff) |
Add warning about a potential pitfall with WPACKET_allocate_bytes()
If the underlying BUF_MEM gets realloc'd then the pointer returned could
become invalid. Therefore we should always ensure that the allocated
memory is filled in prior to any more WPACKET_* calls.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/packet.c')
-rw-r--r-- | ssl/packet.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/packet.c b/ssl/packet.c index 6199469969..0e8e8764dd 100644 --- a/ssl/packet.c +++ b/ssl/packet.c @@ -224,6 +224,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) return 0; + /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */ sub->packet_len = lenchars - (unsigned char *)pkt->buf->data; return 1; |