I tried to reproduce the bug and before that I look at PEM_def_callback() / EVP_read_pw_string_min() where the input password is read / checked for valid length. The limit is sometimes 1024 sometimes larger but it never overwrites anything. I tried various tests ala openssl x509 -days 3650 -CA cacert.pem -CAkey cakey.pem -req -in \ cert-req.pem -outform PEM -out cert.pem -CAserial serial \ -passin $PASS
with $PASS in "pass:, env: file: and fd:" and a length of 4101 and 9101 bytes (x…x + \n) and never saw stack-protector screaming up. There are no additional information in the bugtraq report [0] or here. If there was something it might have been fixed by now. At least I can't find any evidence in current version. Any reason not to close this bug? [0] http://seclists.org/bugtraq/2012/May/155 Sebastian
