Date: Mon, 26 Sep 2016 08:19:34 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r306335 - stable/9/crypto/openssl/crypto/bn Message-ID: <201609260819.u8Q8JYla058123@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Mon Sep 26 08:19:33 2016 New Revision: 306335 URL: https://svnweb.freebsd.org/changeset/base/306335 Log: Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Modified: stable/9/crypto/openssl/crypto/bn/bn_print.c Modified: stable/9/crypto/openssl/crypto/bn/bn_print.c ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:18:34 2016 (r306334) +++ stable/9/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:19:33 2016 (r306335) @@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201609260819.u8Q8JYla058123>