From 7b81a8a3513f2814ffaee388f6371e90ea65b024 Mon Sep 17 00:00:00 2001 From: delphij Date: Mon, 26 Sep 2016 08:21:29 +0000 Subject: [PATCH] Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 4 ++++ crypto/openssl/crypto/bn/bn_print.c | 5 ++--- sys/conf/newvers.sh | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/UPDATING b/UPDATING index 2183dad76..08bfb057e 100644 --- a/UPDATING +++ b/UPDATING @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160926 p22 FreeBSD-SA-16:26.openssl [revised] + + Fix OpenSSL regression introduced in SA-16:26. + 20160923 p21 FreeBSD-SA-16:26.openssl Fix multiple OpenSSL vulnerabilitites. diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c index 51e4f9e51..0530e7dfd 100644 --- a/crypto/openssl/crypto/bn/bn_print.c +++ b/crypto/openssl/crypto/bn/bn_print.c @@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /* diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index c1865acb5..7605aa22d 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.2" -BRANCH="RELEASE-p21" +BRANCH="RELEASE-p22" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0