Last time I check the bug was still present. I will check and let you know if I still see it.
Thank you, Vinny On Mar 13, 2016 11:40 AM, "Sebastian Andrzej Siewior" <sebast...@breakpoint.cc> wrote: > I tried to reproduce the bug and before that I look at > PEM_def_callback() / EVP_read_pw_string_min() where the input password > is read / checked for valid length. The limit is sometimes 1024 sometimes > larger but it never overwrites anything. > I tried various tests ala > openssl x509 -days 3650 -CA cacert.pem -CAkey cakey.pem -req -in \ > cert-req.pem -outform PEM -out cert.pem -CAserial serial \ > -passin $PASS > > with $PASS in "pass:, env: file: and fd:" and a length of 4101 and 9101 > bytes (x…x + \n) and never saw stack-protector screaming up. > > There are no additional information in the bugtraq report [0] or here. If > there was something it might have been fixed by now. At least I can't find > any evidence in current version. > > Any reason not to close this bug? > > [0] http://seclists.org/bugtraq/2012/May/155 > > Sebastian >
