diff -up openssl-1.0.1e/crypto/bn/bn.h.bn-hex openssl-1.0.1e/crypto/bn/bn.h |
|
--- openssl-1.0.1e/crypto/bn/bn.h.bn-hex 2016-02-24 14:23:33.020233047 +0100 |
|
+++ openssl-1.0.1e/crypto/bn/bn.h 2016-02-24 14:23:06.078615397 +0100 |
|
@@ -129,6 +129,7 @@ |
|
#ifndef OPENSSL_NO_FP_API |
|
#include <stdio.h> /* FILE */ |
|
#endif |
|
+#include <limits.h> |
|
#include <openssl/ossl_typ.h> |
|
#include <openssl/crypto.h> |
|
|
|
@@ -640,7 +641,8 @@ const BIGNUM *BN_get0_nist_prime_521(voi |
|
|
|
/* library internal functions */ |
|
|
|
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ |
|
+#define bn_expand(a,bits) (bits > (INT_MAX - BN_BITS2 + 1)?\ |
|
+ NULL:(((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ |
|
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) |
|
#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) |
|
BIGNUM *bn_expand2(BIGNUM *a, int words); |
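Review bot: The new guard in `bn_expand` uses the macro argument bare, `bits > (INT_MAX - BN_BITS2 + 1)`, so an argument containing an operator of lower precedence than `>` would be grouped differently from what the caller wrote. The call sites visible in this patch pass `i*4`, which parses correctly, but writing the test as `((bits) > (INT_MAX - BN_BITS2 + 1))` removes the dependency on how callers spell the argument; the pre-existing `bits+BN_BITS2-1` has the same weakness. The macro now evaluates `bits` three times, so an argument with side effects is still unsafe. A one-line comment above the macro would record the intent, for example `/* yields NULL when rounding bits up to whole words would overflow int; the caller must still keep its own computation of bits from overflowing */`.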
|
diff -up openssl-1.0.1e/crypto/bn/bn_print.c.bn-hex openssl-1.0.1e/crypto/bn/bn_print.c |
|
--- openssl-1.0.1e/crypto/bn/bn_print.c.bn-hex 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/bn/bn_print.c 2016-02-24 14:15:21.215948376 +0100 |
|
@@ -58,6 +58,7 @@ |
|
|
|
#include <stdio.h> |
|
#include <ctype.h> |
|
+#include <limits.h> |
|
#include "cryptlib.h" |
|
#include <openssl/buffer.h> |
|
#include "bn_lcl.h" |
|
@@ -180,8 +181,10 @@ int BN_hex2bn(BIGNUM **bn, const char *a |
|
|
|
if (*a == '-') { neg=1; a++; } |
|
|
|
- for (i=0; isxdigit((unsigned char) a[i]); i++) |
|
+ for (i=0; i <= (INT_MAX/4) && isxdigit((unsigned char) a[i]); i++) |
|
; |
|
+ if (i > INT_MAX/4) |
|
+ goto err; |
|
|
|
num=i+neg; |
|
if (bn == NULL) return(num); |
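Review bot: The added `goto err` runs before the `if (bn == NULL) return(num);` check two lines below it, so the error path is now reachable with `bn == NULL`. The `err` label lies outside this hunk; if it reads `*bn` (for instance to decide whether `ret` should be freed), an over-long digit string passed together with a NULL `bn` would dereference a null pointer instead of failing cleanly. Nothing has been allocated at this point in the function, so `if (i > INT_MAX/4) return(0);` is enough and does not depend on the cleanup code. The same pattern is added to `BN_dec2bn` in the `@@ -246,8 +249,10 @@` hunk and deserves the same change.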
|
@@ -197,7 +200,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a |
|
BN_zero(ret); |
|
} |
|
|
|
- /* i is the number of hex digests; */ |
|
+ /* i is the number of hex digits */ |
|
if (bn_expand(ret,i*4) == NULL) goto err; |
|
|
|
j=i; /* least significant 'hex' */ |
|
@@ -246,8 +249,10 @@ int BN_dec2bn(BIGNUM **bn, const char *a |
|
if ((a == NULL) || (*a == '\0')) return(0); |
|
if (*a == '-') { neg=1; a++; } |
|
|
|
- for (i=0; isdigit((unsigned char) a[i]); i++) |
|
+ for (i=0; i <= (INT_MAX/4) && isdigit((unsigned char) a[i]); i++) |
|
; |
|
+ if (i > INT_MAX/4) |
|
+ goto err; |
|
|
|
num=i+neg; |
|
if (bn == NULL) return(num); |
|
@@ -264,7 +269,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a |
|
BN_zero(ret); |
|
} |
|
|
|
- /* i is the number of digests, a bit of an over expand; */ |
|
+ /* i is the number of digits, a bit of an over expand */ |
|
if (bn_expand(ret,i*4) == NULL) goto err; |
|
|
|
j=BN_DEC_NUM-(i%BN_DEC_NUM);
|
|
|