diff --git a/CHANGES b/CHANGES index e431fd4..9e1d4fe 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@  +Corrections: + In error.c msg2() there was a stack overflow on long messages: The + terminating \0 Byte was written behind the last position. + Thanks to Martin Liška for sending the address sanitizer report. + Porting: OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain conditions: client connection to server with certificate with empty diff --git a/error.c b/error.c index 3135fd5..f0ea73a 100644 --- a/error.c +++ b/error.c @@ -318,7 +318,7 @@ void msg2( struct tm struct_tm; #endif #define BUFLEN 512 - char buff[BUFLEN], *bufp, *syslp; + char buff[BUFLEN+1], *bufp, *syslp; size_t bytes; #if HAVE_CLOCK_GETTIME