File openssl-CVE-2016-0797.patch of Package openssl1
Index: openssl-1.0.1i/crypto/bn/bn_print.c
===================================================================
--- openssl-1.0.1i.orig/crypto/bn/bn_print.c 2014-07-22 21:41:23.000000000 +0200
+++ openssl-1.0.1i/crypto/bn/bn_print.c 2016-02-24 22:09:06.146184510 +0100
@@ -58,6 +58,7 @@
 #include <stdio.h>
 #include <ctype.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@@ -180,10 +181,12 @@
 if (*a == '-') { neg=1; a++; }
- for (i=0; isxdigit((unsigned char) a[i]); i++)
- ;
+ for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++);
+ if (i > INT_MAX/4)
+ goto err;
+
+ num = i + neg;
- num=i+neg;
 if (bn == NULL) return(num); /* a is the start of the hex digits, and it is 'i' long */
@@ -197,7 +200,7 @@
 BN_zero(ret); }
- /* i is the number of hex digests; */
+ /* i is the number of hex digits */
 if (bn_expand(ret,i*4) == NULL) goto err; j=i; /* least significant 'hex' */
@@ -244,12 +247,15 @@
 int num; if ((a == NULL) || (*a == '\0')) return(0);
+
 if (*a == '-') { neg=1; a++; }
- for (i=0; isdigit((unsigned char) a[i]); i++)
- ;
+ for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++);
+ if (i > INT_MAX/4)
+ goto err;
+
+ num = i + neg;
- num=i+neg;
 if (bn == NULL) return(num); /* a is the start of the digits, and it is 'i' long.
@@ -264,7 +270,7 @@
 BN_zero(ret); }
- /* i is the number of digests, a bit of an over expand; */
+ /* i is the number of digits, a bit of an over expand */
 if (bn_expand(ret,i*4) == NULL) goto err; j=BN_DEC_NUM-(i%BN_DEC_NUM);
Index: openssl-1.0.1i/crypto/bn/bn.h
===================================================================
--- openssl-1.0.1i.orig/crypto/bn/bn.h 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/crypto/bn/bn.h 2016-02-24 22:10:22.862770519 +0100
@@ -131,6 +131,7 @@
 #endif
 #include <openssl/ossl_typ.h>
 #include <openssl/crypto.h>
+#include <limits.h>
 #ifdef __cplusplus
 extern "C" {
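Review bot: In the `@@ -180,10 +181,12 @@` hunk of bn_print.c the new `goto err;` sits above the `if (bn == NULL) return(num);` check, so the error path can now be entered while `bn` is NULL, which was not possible before this change. The `err` label lies outside the hunk; if it reads `*bn` to decide whether to free `ret` (to be confirmed against the full function), a length-only call with an over-long digit string would dereference a null pointer. Nothing has been allocated at that point, so replacing `goto err;` with `return(0);`, as the NULL-input path in the `@@ -244,12 +247,15 @@` context already does, removes the dependency on the label. The `@@ -244,12 +247,15 @@` hunk has the same ordering in the isdigit loop and needs the same change. Both function bodies begin and end outside their hunks.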
@@ -696,8 +697,16 @@
 /* library internal functions */
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+#define bn_expand(a,bits) \
+ ( \
+ bits > (INT_MAX - BN_BITS2 + 1) ? \
+ NULL \
+ : \
+ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
+ (a) \
+ : \
+ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
+ )
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 #ifndef OPENSSL_NO_DEPRECATED
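Review bot: The new overflow guard in `bn_expand` uses the macro argument bare, `bits > (INT_MAX - BN_BITS2 + 1)`, so an argument containing an operator of lower precedence than `>` would be grouped wrongly and the guard would test the wrong value. Write it as `(bits) > (INT_MAX - BN_BITS2 + 1)` and parenthesize the two `bits+BN_BITS2-1` uses the same way. The macro now expands `bits` three times, so it should carry a comment such as `/* bits is evaluated more than once; pass a side-effect-free int */`. The callers visible in this patch pass `i*4` and compare the result with NULL, which is safe on both counts.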