From 7bb0fd51ce11175b505f5301bb9b6528b11f0671 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Mon, 26 Sep 2016 08:19:33 +0000
Subject: [PATCH] Apply upstream revision
 3612ff6fcec0e3d1f2a598135fe12177c0419582:

Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").

This fixes a regression introduced in SA-16:26.openssl.

Submitted by:	jkim
PR:		212921


git-svn-id: svn://svn.freebsd.org/base/stable/9@306335 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 crypto/openssl/crypto/bn/bn_print.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index f9389c1ce..ad652e7f1 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
         if (BN_is_negative(t))
             *p++ = '-';
 
-        i = 0;
         while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
             *lp = BN_div_word(t, BN_DEC_CONV);
             if (*lp == (BN_ULONG)-1)
                 goto err;
             lp++;
-            if (lp - bn_data >= bn_data_num)
-                goto err;
         }
         lp--;
         /*
-- 
2.45.0