projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 40c60b0) | patch
Check for errors in BN_bn2dec()
authorDr. Stephen Henson <steve@openssl.org>
Fri, 5 Aug 2016 13:26:03 +0000 (14:26 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 15 Aug 2016 23:19:19 +0000 (00:19 +0100)
commit07bed46f332fce8c1d157689a2cdf915a982ae34
tree8b5289bce64b0cfdb46903714ae3aacbfa459d33tree | snapshot
parent40c60b0d7389aa479cf7474a080737e901944d0dcommit | diff
Check for errors in BN_bn2dec()

If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/bn/bn_print.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.