|
 |
8fbb1c |
diff -up openssl-1.0.1e/crypto/bn/bn.h.bn-hex openssl-1.0.1e/crypto/bn/bn.h
|
|
|
8fbb1c |
--- openssl-1.0.1e/crypto/bn/bn.h.bn-hex 2016-02-24 14:23:33.020233047 +0100
|
|
|
8fbb1c |
+++ openssl-1.0.1e/crypto/bn/bn.h 2016-02-24 14:23:06.078615397 +0100
|
|
|
8fbb1c |
@@ -129,6 +129,7 @@
|
|
|
8fbb1c |
#ifndef OPENSSL_NO_FP_API
|
|
|
8fbb1c |
#include <stdio.h> /* FILE */
|
|
|
8fbb1c |
#endif
|
|
|
8fbb1c |
+#include <limits.h>
|
|
|
8fbb1c |
#include <openssl/ossl_typ.h>
|
|
|
8fbb1c |
#include <openssl/crypto.h>
|
|
|
8fbb1c |
|
|
|
8fbb1c |
@@ -640,7 +641,8 @@ const BIGNUM *BN_get0_nist_prime_521(voi
|
|
|
8fbb1c |
|
|
|
8fbb1c |
/* library internal functions */
|
|
|
8fbb1c |
|
|
|
8fbb1c |
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
|
|
8fbb1c |
+#define bn_expand(a,bits) (bits > (INT_MAX - BN_BITS2 + 1)?\
|
|
|
8fbb1c |
+ NULL:(((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
|
|
8fbb1c |
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
|
|
8fbb1c |
#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
|
|
|
8fbb1c |
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
|
|
8fbb1c |
diff -up openssl-1.0.1e/crypto/bn/bn_print.c.bn-hex openssl-1.0.1e/crypto/bn/bn_print.c
|
|
|
8fbb1c |
--- openssl-1.0.1e/crypto/bn/bn_print.c.bn-hex 2013-02-11 16:26:04.000000000 +0100
|
|
|
8fbb1c |
+++ openssl-1.0.1e/crypto/bn/bn_print.c 2016-02-24 14:15:21.215948376 +0100
|
|
|
8fbb1c |
@@ -58,6 +58,7 @@
|
|
|
8fbb1c |
|
|
|
8fbb1c |
#include <stdio.h>
|
|
|
8fbb1c |
#include <ctype.h>
|
|
|
8fbb1c |
+#include <limits.h>
|
|
|
8fbb1c |
#include "cryptlib.h"
|
|
|
8fbb1c |
#include <openssl/buffer.h>
|
|
|
8fbb1c |
#include "bn_lcl.h"
|
|
|
8fbb1c |
@@ -180,8 +181,10 @@ int BN_hex2bn(BIGNUM **bn, const char *a
|
|
|
8fbb1c |
|
|
|
8fbb1c |
if (*a == '-') { neg=1; a++; }
|
|
|
8fbb1c |
|
|
|
8fbb1c |
- for (i=0; isxdigit((unsigned char) a[i]); i++)
|
|
|
8fbb1c |
+ for (i=0; i <= (INT_MAX/4) && isxdigit((unsigned char) a[i]); i++)
|
|
|
8fbb1c |
;
|
|
|
8fbb1c |
+ if (i > INT_MAX/4)
|
|
|
8fbb1c |
+ goto err;
|
|
|
8fbb1c |
|
|
|
8fbb1c |
num=i+neg;
|
|
|
8fbb1c |
if (bn == NULL) return(num);
|
|
|
8fbb1c |
@@ -197,7 +200,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
|
|
|
8fbb1c |
BN_zero(ret);
|
|
|
8fbb1c |
}
|
|
|
8fbb1c |
|
|
|
8fbb1c |
- /* i is the number of hex digests; */
|
|
|
8fbb1c |
+ /* i is the number of hex digits */
|
|
|
8fbb1c |
if (bn_expand(ret,i*4) == NULL) goto err;
|
|
|
8fbb1c |
|
|
|
8fbb1c |
j=i; /* least significant 'hex' */
|
|
|
8fbb1c |
@@ -246,8 +249,10 @@ int BN_dec2bn(BIGNUM **bn, const char *a
|
|
|
8fbb1c |
if ((a == NULL) || (*a == '\0')) return(0);
|
|
|
8fbb1c |
if (*a == '-') { neg=1; a++; }
|
|
|
8fbb1c |
|
|
|
8fbb1c |
- for (i=0; isdigit((unsigned char) a[i]); i++)
|
|
|
8fbb1c |
+ for (i=0; i <= (INT_MAX/4) && isdigit((unsigned char) a[i]); i++)
|
|
|
8fbb1c |
;
|
|
|
8fbb1c |
+ if (i > INT_MAX/4)
|
|
|
8fbb1c |
+ goto err;
|
|
|
8fbb1c |
|
|
|
8fbb1c |
num=i+neg;
|
|
|
8fbb1c |
if (bn == NULL) return(num);
|
|
|
8fbb1c |
@@ -264,7 +269,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a
|
|
|
8fbb1c |
BN_zero(ret);
|
|
|
8fbb1c |
}
|
|
|
8fbb1c |
|
|
|
8fbb1c |
- /* i is the number of digests, a bit of an over expand; */
|
|
|
8fbb1c |
+ /* i is the number of digits, a bit of an over expand */
|
|
|
8fbb1c |
if (bn_expand(ret,i*4) == NULL) goto err;
|
|
|
8fbb1c |
|
|
|
8fbb1c |
j=BN_DEC_NUM-(i%BN_DEC_NUM);
|