Skip to content
Commit 05bdebb6 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix off-by-one error in BN_bn2hex



A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(cherry picked from commit c5635307)

Conflicts:
	crypto/bn/bn_print.c
parent 32b2ad7e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment