diff options
| author | miod <> | 2015-09-27 19:41:37 +0000 | 
|---|---|---|
| committer | miod <> | 2015-09-27 19:41:37 +0000 | 
| commit | ba7d6609fcab2f8dc72ed84e09920aee9da75aa9 (patch) | |
| tree | 9fc507d7689ba8d9af7eea00104b23ad50e74054 /src | |
| parent | 517edd4aef01b023f59cf9b4ca4b8d1c7f226426 (diff) | |
| download | openbsd-ba7d6609fcab2f8dc72ed84e09920aee9da75aa9.tar.gz openbsd-ba7d6609fcab2f8dc72ed84e09920aee9da75aa9.tar.bz2 openbsd-ba7d6609fcab2f8dc72ed84e09920aee9da75aa9.zip | |
Redo 1.25, without the NULL deref.
ok sthen@ bcook@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_print.c | 53 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/bn/bn_print.c | 53 | 
2 files changed, 62 insertions, 44 deletions
| diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c index 021ed23d96..f97f310eda 100644 --- a/src/lib/libcrypto/bn/bn_print.c +++ b/src/lib/libcrypto/bn/bn_print.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_print.c,v 1.26 2015/09/18 09:00:04 sthen Exp $ */ | 1 | /* $OpenBSD: bn_print.c,v 1.27 2015/09/27 19:41:37 miod Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -114,6 +114,20 @@ BN_bn2dec(const BIGNUM *a) | |||
| 114 | BIGNUM *t = NULL; | 114 | BIGNUM *t = NULL; | 
| 115 | BN_ULONG *bn_data = NULL, *lp; | 115 | BN_ULONG *bn_data = NULL, *lp; | 
| 116 | 116 | ||
| 117 | if (BN_is_zero(a)) { | ||
| 118 | buf = malloc(BN_is_negative(a) + 2); | ||
| 119 | if (buf == NULL) { | ||
| 120 | BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); | ||
| 121 | goto err; | ||
| 122 | } | ||
| 123 | p = buf; | ||
| 124 | if (BN_is_negative(a)) | ||
| 125 | *(p++) = '-'; | ||
| 126 | *(p++) = '0'; | ||
| 127 | *(p++) = '\0'; | ||
| 128 | return (buf); | ||
| 129 | } | ||
| 130 | |||
| 117 | /* get an upper bound for the length of the decimal integer | 131 | /* get an upper bound for the length of the decimal integer | 
| 118 | * num <= (BN_num_bits(a) + 1) * log(2) | 132 | * num <= (BN_num_bits(a) + 1) * log(2) | 
| 119 | * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | 133 | * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | 
| @@ -133,31 +147,26 @@ BN_bn2dec(const BIGNUM *a) | |||
| 133 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | 147 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | 
| 134 | p = buf; | 148 | p = buf; | 
| 135 | lp = bn_data; | 149 | lp = bn_data; | 
| 136 | if (BN_is_zero(t)) { | 150 | if (BN_is_negative(t)) | 
| 137 | *(p++) = '0'; | 151 | *p++ = '-'; | 
| 138 | *(p++) = '\0'; | ||
| 139 | } else { | ||
| 140 | if (BN_is_negative(t)) | ||
| 141 | *p++ = '-'; | ||
| 142 | 152 | ||
| 143 | i = 0; | 153 | i = 0; | 
| 144 | while (!BN_is_zero(t)) { | 154 | while (!BN_is_zero(t)) { | 
| 145 | *lp = BN_div_word(t, BN_DEC_CONV); | 155 | *lp = BN_div_word(t, BN_DEC_CONV); | 
| 146 | lp++; | 156 | lp++; | 
| 147 | } | 157 | } | 
| 158 | lp--; | ||
| 159 | /* We now have a series of blocks, BN_DEC_NUM chars | ||
| 160 | * in length, where the last one needs truncation. | ||
| 161 | * The blocks need to be reversed in order. */ | ||
| 162 | snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); | ||
| 163 | while (*p) | ||
| 164 | p++; | ||
| 165 | while (lp != bn_data) { | ||
| 148 | lp--; | 166 | lp--; | 
| 149 | /* We now have a series of blocks, BN_DEC_NUM chars | 167 | snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); | 
| 150 | * in length, where the last one needs truncation. | ||
| 151 | * The blocks need to be reversed in order. */ | ||
| 152 | snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); | ||
| 153 | while (*p) | 168 | while (*p) | 
| 154 | p++; | 169 | p++; | 
| 155 | while (lp != bn_data) { | ||
| 156 | lp--; | ||
| 157 | snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); | ||
| 158 | while (*p) | ||
| 159 | p++; | ||
| 160 | } | ||
| 161 | } | 170 | } | 
| 162 | ok = 1; | 171 | ok = 1; | 
| 163 | 172 | ||
| diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c index 021ed23d96..f97f310eda 100644 --- a/src/lib/libssl/src/crypto/bn/bn_print.c +++ b/src/lib/libssl/src/crypto/bn/bn_print.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_print.c,v 1.26 2015/09/18 09:00:04 sthen Exp $ */ | 1 | /* $OpenBSD: bn_print.c,v 1.27 2015/09/27 19:41:37 miod Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -114,6 +114,20 @@ BN_bn2dec(const BIGNUM *a) | |||
| 114 | BIGNUM *t = NULL; | 114 | BIGNUM *t = NULL; | 
| 115 | BN_ULONG *bn_data = NULL, *lp; | 115 | BN_ULONG *bn_data = NULL, *lp; | 
| 116 | 116 | ||
| 117 | if (BN_is_zero(a)) { | ||
| 118 | buf = malloc(BN_is_negative(a) + 2); | ||
| 119 | if (buf == NULL) { | ||
| 120 | BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); | ||
| 121 | goto err; | ||
| 122 | } | ||
| 123 | p = buf; | ||
| 124 | if (BN_is_negative(a)) | ||
| 125 | *(p++) = '-'; | ||
| 126 | *(p++) = '0'; | ||
| 127 | *(p++) = '\0'; | ||
| 128 | return (buf); | ||
| 129 | } | ||
| 130 | |||
| 117 | /* get an upper bound for the length of the decimal integer | 131 | /* get an upper bound for the length of the decimal integer | 
| 118 | * num <= (BN_num_bits(a) + 1) * log(2) | 132 | * num <= (BN_num_bits(a) + 1) * log(2) | 
| 119 | * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | 133 | * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | 
| @@ -133,31 +147,26 @@ BN_bn2dec(const BIGNUM *a) | |||
| 133 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | 147 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | 
| 134 | p = buf; | 148 | p = buf; | 
| 135 | lp = bn_data; | 149 | lp = bn_data; | 
| 136 | if (BN_is_zero(t)) { | 150 | if (BN_is_negative(t)) | 
| 137 | *(p++) = '0'; | 151 | *p++ = '-'; | 
| 138 | *(p++) = '\0'; | ||
| 139 | } else { | ||
| 140 | if (BN_is_negative(t)) | ||
| 141 | *p++ = '-'; | ||
| 142 | 152 | ||
| 143 | i = 0; | 153 | i = 0; | 
| 144 | while (!BN_is_zero(t)) { | 154 | while (!BN_is_zero(t)) { | 
| 145 | *lp = BN_div_word(t, BN_DEC_CONV); | 155 | *lp = BN_div_word(t, BN_DEC_CONV); | 
| 146 | lp++; | 156 | lp++; | 
| 147 | } | 157 | } | 
| 158 | lp--; | ||
| 159 | /* We now have a series of blocks, BN_DEC_NUM chars | ||
| 160 | * in length, where the last one needs truncation. | ||
| 161 | * The blocks need to be reversed in order. */ | ||
| 162 | snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); | ||
| 163 | while (*p) | ||
| 164 | p++; | ||
| 165 | while (lp != bn_data) { | ||
| 148 | lp--; | 166 | lp--; | 
| 149 | /* We now have a series of blocks, BN_DEC_NUM chars | 167 | snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); | 
| 150 | * in length, where the last one needs truncation. | ||
| 151 | * The blocks need to be reversed in order. */ | ||
| 152 | snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); | ||
| 153 | while (*p) | 168 | while (*p) | 
| 154 | p++; | 169 | p++; | 
| 155 | while (lp != bn_data) { | ||
| 156 | lp--; | ||
| 157 | snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); | ||
| 158 | while (*p) | ||
| 159 | p++; | ||
| 160 | } | ||
| 161 | } | 170 | } | 
| 162 | ok = 1; | 171 | ok = 1; | 
| 163 | 172 | ||
