Check for errors in BN_bn2dec() - openssl.git

diff options

author	Dr. Stephen Henson <steve@openssl.org>	2016-08-05 14:26:03 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-08-16 00:21:54 +0100
commit	e36f27ddb80a48e579783bc29fb3758988342b71 (patch)
tree	d85fedd74758d1b038c122cdc1503e30210b5b90 /test/tverify.com
parent	d871284aca5524c85a6460119ac1b1e38f7e19c6 (diff)
download	openssl-e36f27ddb80a48e579783bc29fb3758988342b71.tar.gz

Check for errors in BN_bn2dec()

If an oversize BIGNUM is presented to BN_bn2dec() it can cause BN_div_word() to fail and not reduce the value of 't' resulting in OOB writes to the bn_data buffer and eventually crashing. Fix by checking return value of BN_div_word() and checking writes don't overflow buffer. Thanks to Shi Lei for reporting this bug. CVE-2016-2182 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34) Conflicts: crypto/bn/bn_print.c

Diffstat (limited to 'test/tverify.com')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: