diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-22 02:36:36 +0900 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-08-22 13:38:48 +0100 |
| commit | 099e2968ed3c7d256cda048995626664082b1b30 (patch) | |
| tree | 8531cdef0f64461a84a85d83469e6b45c9245a77 /crypto/bn | |
| parent | 1c288878af42650fbda911b702ae7b551a545b1c (diff) | |
| download | openssl-099e2968ed3c7d256cda048995626664082b1b30.tar.gz | |
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46f332fc
("Check for errors in BN_bn2dec()").
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'crypto/bn')
| -rw-r--r-- | crypto/bn/bn_print.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index f6030ff14c..e5f641b99d 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -92,14 +92,13 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /* |