projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7322abf) | patch
Fix off-by-one error in BN_bn2hex
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 12:59:47 +0000 (13:59 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 4 Jun 2015 08:23:02 +0000 (09:23 +0100)
commitc56353071d9849220714d8a556806703771b9269
treea6ceee0dcd0cbb820ea1f29679490ef699cec6catree | snapshot
parent7322abf5cefdeb47c7d61f3b916c428bf2cd69b6commit | diff
Fix off-by-one error in BN_bn2hex

A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/bn/bn_print.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.