magic-wormhole / magic-wormhole.rs

Rust implementation of Magic Wormhole, with new features and enhancements
European Union Public License 1.2

RUSTSEC-2024-0357: `MemBio::get_buf` has undefined behavior with empty buffers #243

Closed github-actions[bot] closed 1 month ago

github-actions[bot] commented 1 month ago
Details
Package openssl
Version 0.10.64
URL https://github.com/sfackler/rust-openssl/pull/2266
Patched Versions >=0.10.66

Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
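
The bug class described in the advisory, shown as an added example that is not part of the original issue and is not rust-openssl code: a wrapper over a C-style getter that reports a null pointer for an empty buffer, in its unguarded and guarded forms. `MemBuf`, `raw_parts` and `get_buf_unguarded` are hypothetical names, and the `Vec`-backed storage is an assumption standing in for the C side.

```rust
use std::{ptr, slice};

/// Hypothetical stand-in for a C-backed memory buffer (not rust-openssl code).
pub struct MemBuf {
    data: Option<Vec<u8>>, // None models "the C side never allocated storage"
}

impl MemBuf {
    pub fn new() -> Self {
        MemBuf { data: None }
    }

    pub fn write(&mut self, bytes: &[u8]) {
        self.data.get_or_insert_with(Vec::new).extend_from_slice(bytes);
    }

    /// Models a C getter: reports (null, 0) while the buffer is empty.
    fn raw_parts(&self) -> (*const u8, usize) {
        match &self.data {
            Some(v) if !v.is_empty() => (v.as_ptr(), v.len()),
            _ => (ptr::null(), 0),
        }
    }

    /// Unguarded pattern from the advisory text.
    /// # Safety
    /// The buffer must be non-empty: `slice::from_raw_parts` requires a
    /// non-null, aligned pointer even when the length is 0.
    pub unsafe fn get_buf_unguarded(&self) -> &[u8] {
        let (p, len) = self.raw_parts();
        unsafe { slice::from_raw_parts(p, len) }
    }

    /// Guarded pattern: never hands a null pointer to `from_raw_parts`.
    pub fn get_buf(&self) -> &[u8] {
        let (p, len) = self.raw_parts();
        if p.is_null() || len == 0 {
            return &[];
        }
        // SAFETY: p is non-null and points at len initialized bytes owned by self.
        unsafe { slice::from_raw_parts(p, len) }
    }
}

fn main() {
    let mut bio = MemBuf::new();
    assert!(bio.get_buf().is_empty()); // empty buffer: empty slice, no UB
    bio.write(b"constructed sample"); // constructed input
    assert_eq!(bio.get_buf(), &b"constructed sample"[..]);
}
```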