From b91e96143b97179a0611cea311e2396c29679896 Mon Sep 17 00:00:00 2001 From: delphij Date: Mon, 26 Sep 2016 08:21:29 +0000 Subject: [PATCH] Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/9.3@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 4 ++++ crypto/openssl/crypto/bn/bn_print.c | 5 ++--- sys/conf/newvers.sh | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/UPDATING b/UPDATING index d94932863..0a6ca71f9 100644 --- a/UPDATING +++ b/UPDATING @@ -11,6 +11,10 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20160926 p47 FreeBSD-SA-16:26.openssl [revised] + + Fix OpenSSL regression introduced in SA-16:26. + 20160923 p46 FreeBSD-SA-16:26.openssl Fix multiple OpenSSL vulnerabilitites. diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c index f9389c1ce..ad652e7f1 100644 --- a/crypto/openssl/crypto/bn/bn_print.c +++ b/crypto/openssl/crypto/bn/bn_print.c @@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /* diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 6a539b4a6..103cbb330 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p46" +BRANCH="RELEASE-p47" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0
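Review bot: The new 20160926 p47 entry in UPDATING says only "Fix OpenSSL regression introduced in SA-16:26." and does not name what regressed. The commit message identifies it as an off-by-one error in the BN_bn2dec() overflow check; stating that in the entry would let someone reading UPDATING see what changed between p46 and p47 without going to the commit log.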
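Review bot: In the bn_print.c hunk, the bounds test `if (lp - bn_data >= bn_data_num)` now sits ahead of the store to `*lp`, but nothing in the patch exercises the boundary. With the old placement after `lp++`, a conversion that filled exactly bn_data_num words hit `goto err` even though every write was in bounds, so a regression test on a value of that size would pin the fix down. A short comment above the check saying it must precede the write would help, since the ordering is the entire fix. The removal of `i = 0;` is not part of the stated fix; please confirm `i` is not read after the loop, or mention the cleanup in the commit message. The hunk also continues to `lp--;` after the loop, which is only safe if the body ran at least once, so it is worth confirming that a zero value is handled before this block.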