Fix overflow check in BN_bn2dec()

Fix an off by one error in the overflow check added by 07bed46f ("Check for errors in BN_bn2dec()"). Reviewed-by: N Stephen Henson <steve@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46f ("Check for errors in BN_bn2dec()"). Reviewed-by: N Stephen Henson <steve@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
099e2968 · Kazuki Yamaguchi · Matt Caswell · 1c288878 · 099e2968
隐藏空白更改
内联并排

Showing with 2 addition and 3 deletion

crypto/bn/bn_print.c crypto/bn/bn_print.c +2 -3

未找到文件。
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -92,14 +92,13 @@ char *BN_bn2dec(const BIGNUM *a)
        if (BN_is_negative(t))
            *p++ = '-';

-        i = 0;
        while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
            *lp = BN_div_word(t, BN_DEC_CONV);
            if (*lp == (BN_ULONG)-1)
                goto err;
            lp++;
-            if (lp - bn_data >= bn_data_num)
-                goto err;
        }
        lp--;
        /*