diff options
| author | delphij <delphij@FreeBSD.org> | 2016-09-26 08:21:29 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2016-09-26 08:21:29 +0000 |
| commit | 98d61c7c6a7df00ce00d939c90dd3b7087117766 (patch) | |
| tree | 806c7dc59da58b99066a4f6675e2866beaf35cf6 /crypto | |
| parent | 97e9bafcf86f5227357ad944c26c71423589bc4d (diff) | |
| download | FreeBSD-src-98d61c7c6a7df00ce00d939c90dd3b7087117766.zip FreeBSD-src-98d61c7c6a7df00ce00d939c90dd3b7087117766.tar.gz | |
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/openssl/crypto/bn/bn_print.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c index 51e4f9e..0530e7df 100644 --- a/crypto/openssl/crypto/bn/bn_print.c +++ b/crypto/openssl/crypto/bn/bn_print.c @@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /* |
