diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2015-09-18 09:00:05 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2015-09-18 09:00:05 +0000 |
| commit | f2cc55ca2a3d63af0bfaf42a85b1cb9a0ecfd1c9 (patch) | |
| tree | da346097b58cea0403314b616adf5f91e7f9fe50 /lib | |
| parent | 04a0c20af1ad2386b9f42b16c5c66602e5c26b6f (diff) | |
Revert bn_print.c:r1.25 ("handle negative-zero in BN_bn2dec() too") for
now, it has a NULL deref. Segfault reported by Mikolaj Kucharski, ok bcook
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/crypto/bn/bn_print.c | 53 |
1 files changed, 22 insertions, 31 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_print.c b/lib/libssl/src/crypto/bn/bn_print.c index a68412c8a82..021ed23d96c 100644 --- a/lib/libssl/src/crypto/bn/bn_print.c +++ b/lib/libssl/src/crypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.25 2015/09/13 16:02:11 deraadt Exp $ */ +/* $OpenBSD: bn_print.c,v 1.26 2015/09/18 09:00:04 sthen Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,20 +114,6 @@ BN_bn2dec(const BIGNUM *a) BIGNUM *t = NULL; BN_ULONG *bn_data = NULL, *lp; - if (BN_is_zero(t)) { - buf = malloc(BN_is_negative(t) + 2); - if (buf == NULL) { - BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf; - if (BN_is_negative(t)) - *(p++) = '-'; - *(p++) = '0'; - *(p++) = '\0'; - return (buf); - } - /* get an upper bound for the length of the decimal integer * num <= (BN_num_bits(a) + 1) * log(2) * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) @@ -147,26 +133,31 @@ BN_bn2dec(const BIGNUM *a) #define BUF_REMAIN (num+3 - (size_t)(p - buf)) p = buf; lp = bn_data; - if (BN_is_negative(t)) - *p++ = '-'; + if (BN_is_zero(t)) { + *(p++) = '0'; + *(p++) = '\0'; + } else { + if (BN_is_negative(t)) + *p++ = '-'; - i = 0; - while (!BN_is_zero(t)) { - *lp = BN_div_word(t, BN_DEC_CONV); - lp++; - } - lp--; - /* We now have a series of blocks, BN_DEC_NUM chars - * in length, where the last one needs truncation. - * The blocks need to be reversed in order. */ - snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); - while (*p) - p++; - while (lp != bn_data) { + i = 0; + while (!BN_is_zero(t)) { + *lp = BN_div_word(t, BN_DEC_CONV); + lp++; + } lp--; - snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); + /* We now have a series of blocks, BN_DEC_NUM chars + * in length, where the last one needs truncation. + * The blocks need to be reversed in order. */ + snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); while (*p) p++; + while (lp != bn_data) { + lp--; + snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); + while (*p) + p++; + } } ok = 1; |