openssl's `MemBio::get_buf` has undefined behavior with empty buffers

Published: Jul 22, 2024
Updated: Jul 23, 2024
GHSA: <a href="https://github.com/advisories/GHSA-q445-7m23-qrmw" target="_blank" rel="noopener"> GHSA-q445-7m23-qrmw
Severity: Medium
Exploit:

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.