LibreSSL -- Memory leak and buffer overflow

2015-10-15T00:00:00
ID E75A96DF-73CA-11E5-9B45-B499BAEBFEAF
Type freebsd
Reporter FreeBSD
Modified 2015-10-26T00:00:00

Description

Qualys reports:

During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt() function. This function is called automatically during a TLS handshake (both client-side, unless an anonymous mode is used, and server-side, if client authentication is requested).