mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 19:20:49 +02:00
845a3a93b5
wolfSSL_BIO_write rejected negative lengths but allowed a large positive length through to wolfSSL_BIO_MEMORY_write. On a fresh buffer an INT_MAX length overflowed the 4/3 buffer growth calculation, so the grow reported success with a short allocation and the following copy read far past the small source buffer. Add an upper bound check that rejects lengths large enough to overflow the growth math before any allocation or copy, and add a regression test that drives a huge length through the public BIO_write entry point.
Before creating any new configure files (.conf) read the CONF_FILES_README.md