author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-05 14:26:03 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-16 00:21:54 +0100 |
commit | e36f27ddb80a48e579783bc29fb3758988342b71 (patch) | |
tree | d85fedd74758d1b038c122cdc1503e30210b5b90 /test/testgen.com | |
parent | d871284aca5524c85a6460119ac1b1e38f7e19c6 (diff) | |
download | openssl-e36f27ddb80a48e579783bc29fb3758988342b71.tar.gz |
Check for errors in BN_bn2dec()

If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)

Conflicts:
crypto/bn/bn_print.c

Diffstat (limited to 'test/testgen.com')
0 files changed, 0 insertions, 0 deletions
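
The two checks the commit message names, shown as an added example that is not OpenSSL's code and not the patch itself. It uses a toy fixed-size bignum; `toy_bn`, `toy_div_word` and `toy_bn2dec` are hypothetical names, and the 2^64 input is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEC_CONV 1000000000u      /* 10^9: each chunk holds 9 decimal digits */
#define DIV_FAIL ((uint32_t)-1)   /* error sentinel; real remainders are < DEC_CONV */
#define TOY_WORDS 8

/* Toy bignum (hypothetical, not OpenSSL's BIGNUM): little-endian 32-bit words. */
typedef struct { uint32_t w[TOY_WORDS]; size_t top; } toy_bn;

/* Divide a by d in place; return remainder, or DIV_FAIL leaving a unreduced. */
static uint32_t toy_div_word(toy_bn *a, uint32_t d)
{
    uint64_t rem = 0;
    if (d == 0 || a->top > TOY_WORDS) return DIV_FAIL;  /* oversize input */
    for (size_t i = a->top; i-- > 0; ) {
        uint64_t cur = (rem << 32) | a->w[i];
        a->w[i] = (uint32_t)(cur / d);
        rem = cur % d;
    }
    while (a->top > 0 && a->w[a->top - 1] == 0) a->top--;
    return (uint32_t)rem;
}

/* Write t in decimal to out. Returns 0, or -1 on a failed division or a full buffer. */
int toy_bn2dec(toy_bn t, uint32_t *chunks, size_t nchunks, char *out, size_t outlen)
{
    size_t n = 0, off = 0;
    do {
        uint32_t rem = toy_div_word(&t, DEC_CONV);
        if (rem == DIV_FAIL) return -1;  /* t not reduced: the loop would keep writing */
        if (n >= nchunks) return -1;     /* never write past the chunk buffer */
        chunks[n++] = rem;
    } while (t.top > 0);
    while (n > 0) {                      /* most significant chunk first, unpadded */
        int r = snprintf(out + off, outlen - off, off ? "%09u" : "%u", (unsigned)chunks[--n]);
        if (r < 0 || (size_t)r >= outlen - off) return -1;
        off += (size_t)r;
    }
    return 0;
}

int main(void)
{
    toy_bn big = { {0, 0, 1}, 3 };       /* constructed sample: 2^64 */
    uint32_t chunks[3]; char out[32];
    if (toy_bn2dec(big, chunks, 3, out, sizeof out) == 0) puts(out);
    return 0;
}
```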